Cyber Value at Risk in The Netherlands 2017
Dealing efficiently with cybercrime
Last year’s report was a first step in our efforts to show that an informed and rational decision-making process is possible through cyber risk quantification. This year we have expanded the report’s scope to consider the specific implications of this approach for Small and Medium Enterprises (SMEs) and thus the wider impact on society as a whole. In addition, we continue to provide a comprehensive quantitative overview of the economic consequences of cyber risk for Dutch organizations, and information to help them make better decisions.
25th of September 2017
Compared to last year, the Dutch cyber threat landscape has developed rapidly, and has only been partly offset by improvements in cybersecurity. However, by including Small and Medium-sized Entities (SMEs) into this year’s analysis, we note that this group requires special attention from the wider community. The main observations of this report are as follows:
- Expected cyber risk for Dutch SMEs totals roughly €1 billion and for larger organizations is estimated around €9 billion.
- SMEs are largely failing to adequately protect themselves against cyber risks, in part because costs are too high.
- Through their supply chains, larger organizations are inadvertedly exposed to third party risk from SMEs.
- Growing third party risk combined with increasing sophistication of cyber threats amplifies systemic cyber risk.
- As a consequence, cyber Value at Risk (“worst-case” scenario) is increasing while returns on cybersecurity investments are declining.
This new environment demands more efficient cybersecurity solutions, clear priorities and better management of resources. As organizations become more digitally connected and interdependent, and with ever fewer analog alternatives to fall back on, we are also increasingly dependent on each other for our security. To make our cyber society safe, stakeholders must collectively organize cyber risk management through the formation of “cybersecurity communities”:
- Government: help coordinate and stimulate the growth and formation of cybersecurity communities. Develop frameworks for the exchange of cybersecurity information and remove barriers to information and best practices sharing. Consider fiscal stimulus for cybersecurity investments.
- Cybersecurity and IT providers: invest in making cyber security more accessible, efficient and relevant, also for SMEs. Help build and develop cybersecurity communities and associated standards.
- Insurers: further develop integrated cyber insurance offerings, align with intermediaries, cybersecurity providers and re-insurers/risk pools, effectively contributing to the formation of cybersecurity communities.
- Corporates: prepare for more sophisticated cyber threats through better prioritization of cybersecurity resources. Organize third party cyber risk management towards formation of cybersecurity communities. Improve self-learning mechanisms on cyber risk that involve the business.
- SMEs: develop basic cybersecurity hygiene, including the use of regular off-line backups. Consider obtaining independent cyber risk advice and seeking involvement in suitable cybersecurity communities.
Request the report 'Dealing efficiently with cybercrime' and read more about:
There is a lot of analysis to digest, so please let me know if you would like to discuss the report, and what all of these findings mean for your organization.
Please reach out to me via phone +31 (0)88 288 7139 or email MvanWieren@deloitte.nl.
En een streepje voor op de concurrentie
Deloitte publishes its second report on potential cyber losses in Dutch SME sector