
The new cabinet must do more to make the Netherlands more digitally secure. This writes the Cyber Security Council (hereafter the council) in a letter to the informateur. The council warns that current cyber security efforts and investments are not enough to deal with the growing digital threats from state actors and cyber criminals. This affects our national security and puts increasing pressure on our freedom, democracy and prosperity.
Digital threats
The annual Cybersecurity Assessment of the Netherlands (CSBN) shows that cyber risks are on the rise. Recent warnings from NATO about physical threats, apply equally to risks in our digital infrastructure and processes. The rise of generative artificial intelligence (AI), besides providing opportunities for automated security, also poses major new risks. Digital attacks are becoming possible on an even larger scale and phishing attacks are becoming more realistic and therefore more promising.
Extra effort and investment needed
In its letter to the informateur, the council argues for strong central direction from the government, joint action with industry and science, and more speed in the implementation of the Dutch Cyber Security Strategy (NLCS). The council estimates that annual investments from the new government are needed of 200 million euros in 2024, rising to 550 million in 2028 and beyond.
"Cybersecurity is an absolute prerequisite to keep the Netherlands running and safe," said Theo Henrar, co-chairman of the council and chairman of business association FME. "Our country is one of the most digitised countries and therefore extra vulnerable. This applies to the entire digital infrastructure, from the process industry, flood defences, the energy sector and hospitals, to small and medium-sized enterprises. The tense geopolitical situation brings real digital threats and, meanwhile, cybercrime is also on the rise. Tight governance is necessary to keep the Netherlands digitally secure."
High price
Many good steps have been taken in recent years for more digital security, with the NLCS as an important basis, but more effort is still needed, also given the international coherence and introduction of new EU regulations such as the NIS2 directive.
"For companies, cybersecurity is now in the top three business risks. The new cabinet must also make an unequivocal commitment to more digital security," says Lokke Moerel, council member from her role as professor of Global ICT Law at Tilburg University. "The costs involved are inevitable for both companies and the government; the price of under-investing in cybersecurity will ultimately be many times higher."
"We must hurry to implement the cyber risk management measures mentioned in the NIS2," says Moerel. "This requires a larger number of companies to have their digital security in order and report incidents, including heightened oversight and administrative accountability. The EU is also going to impose strict requirements on the digital security of products and services from all EU member states."
The council also calls on the government to take a critical look at risks in the digital infrastructure, such as when using cloud technology. To do so, the Netherlands should build its own technical capacity and strengthen its knowledge position on cybersecurity.
Background information on the Cyber Security Council (CSR):
The CSR is a national and independent strategic advisory body to the cabinet and through the cabinet also the business community when it comes to cybersecurity in the Netherlands and is composed of senior representatives from the public, private and scientific sectors. Due to this unique composition, the council looks at the nationally strategic cybersecurity challenges from multiple perspectives and provides weighted strategic advice to the cabinet and the business community. In doing so, the council keeps an eye on the economic opportunities cybersecurity can offer our country.