
September 06, 2025
Cybersecurity – Awareness is the biggest weakness
38% of Dutch SMEs faced a data breach in 2024. The average damage? €67,000 per incident. In addition to the financial impact, there is reputational damage and loss of customer trust. Our recent LinkedIn poll shows that 57% of companies see security awareness as the biggest challenge, ahead of phishing, vulnerable systems and lack of an incident response plan.
Why is awareness so crucial, and how can Dutch companies protect themselves? In this article, we explain:
- What the biggest cybersecurity challenges are for Dutch SMEs
- How to structurally improve awareness
- What ROI you can expect with the right approach
- How ALTA-ICT supports you in this with ISO27001 and NEN7510 certifications
What is cybersecurity awareness and why essential in the Netherlands?
- Definition and practical examples (phishing, social engineering)
- Dutch context: AVG (GDPR), mandatory data breach notification, Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
- Risks to SME sectors (healthcare, retail, financial services)
- Awareness as the basis of the “human firewall”
How do you improve cybersecurity awareness?
Step 1: Assessment – IT scan, risk analysis, baseline awareness
Step 2: Training & simulation – phishing tests, interactive sessions, Dutch examples
Step 3: Process and culture – integration into policy, incident response practice
Step 4: Monitoring & improvement – periodic audits, KPIs for awareness level
Common mistakes in Dutch companies
- Taking only technical measures (firewalls without training)
- No update policy → vulnerable systems
- No crisis plan → panic during an incident
- Acting only reactively, after a data breach
ROI of cybersecurity awareness
- Cost of a data breach vs. investment in training
- Example case: savings from 70% fewer phishing clicks
- Average ROI: factor of 4 within 2 years
The ALTA-ICT approach
At ALTA-ICT, we combine technology + people + process:
✅ ISO27001 & NEN7510 certified
✅ Dutch context (AVG, DigiD, NORA)
✅ Customized security awareness training
✅ 24/7 monitoring from our SOC
FAQ on cybersecurity awareness in the Netherlands
1. How much does an awareness program cost on average in the Netherlands?
Costs vary widely depending on the size of the company and the approach taken. For SMEs, awareness programs often start from €2,500 per year, including e-learning, phishing simulations and reports. Companies in the healthcare or financial sector (with NEN7510 or DNB compliance) often spend more, due to additional audits and customized training.
2. How quickly do you see results from training?
The first results are often visible within 3 to 6 months. A common KPI is the number of employees who click on phishing links. In well-executed programs, this percentage drops by an average of 50-70% after one year.
3. Is awareness mandatory under AVG/NEN7510?
Yes, indirectly. The AVG requires organizations to take “appropriate technical and organizational measures” to prevent data breaches. Awareness training falls under that. For healthcare organizations, NEN7510 applies, which explicitly states that employees must be trained in information security.
4. How often should you run simulations?
Best practice in the Netherlands is to do phishing simulations at least 4 times a year. Many organizations opt for monthly micro-simulations, as this speeds up the learning curve and keeps employees alert.
Conclusion
Cybersecurity awareness is the No. 1 challenge for Dutch SMEs. Technology alone is not enough: employees are the key.
💡 Discover your risks with ALTA-ICT’s free IT scan:
👉 scan.alta-ict.co.uk
