Rathenau Institute: the government and private sector are not sufficiently protected from cyber threats

Rathenau Institute: the government and private sector are not sufficiently protected from cyber threats

According to a report published today by the Rathenau Institute, the current measures designed to protect the government and private sector from cyber threats are no longer adequate. Additional measures must be taken to combat the increasingly professional methods used by cybercriminals, cyber spies and hackers. Central government and high-tech companies are being systemically targeted by digital espionage attacks. The report argues that enhancing cybersecurity in the Netherlands should be a greater priority.

Dick Schoof, Herna Verhagen and Rob Bertholee

The study was commissioned by the National Coordinator for Security and Counterterrorism (NCTV) and the General Intelligence and Security Service (AIVD). The report makes clear that the Netherlands, one of the most IT-intensive economies in the world, is an attractive target for cybercriminals, cyber spies and hackers. The greatest threat is posed by foreign intelligence services which collect and manipulate political, military and technological information in this country on a large scale. Cybercriminals are becoming more sophisticated; the methods they used are more advanced, and their revenue model is becoming more profitable. In addition, more and more small and medium-sized enterprises (SMEs) are falling victim to cybercrime. The evolution development of the Internet of Things magnifies that vulnerability. Often, scant attention is paid to the need to secure smart devices, with the result that they can be hacked and deployed in large-scale ‘distributed denial of service’ (DDoS) attacks. According to the Rathenau Institute, cyber threats undermine the innovation and competiveness of Dutch companies and confidence in the digital society.


The House of Representatives has already passed laws expanding the power of investigative agencies and the intelligence and security services. The Rathenau Institute makes a number of recommendations for further boosting the Netherlands’ resilience to cyber threats. One such recommendation is to create a knowledge and advisory centre for SMEs. The report advises vital sectors (e.g. telecommunications, transport, drinking water, energy and healthcare) to conduct an annual ‘hack test’. It also suggests conducting a review of present liability legislation in order to determine whether it adequately covers IT products and services. Supervisory bodies like the Authority for Consumers and Market and Radiocommunications Agency Netherlands are advised to take firmer action against the marketing of unsecured digital products. Finally, the Institute proposes that the government, which purchases around 30% of all security products and services, function more as a role model in its capacity as a launching customer.

The Institute’s study underscores the importance of cybersecurity. Its conclusions are line with those of previous reports on the subject, such as the NCTV’s 2016 National Cybersecurity Assessment for the Netherlands and a report which Herna Verhagen, the CEO of PostNL, drew up at the request of the Cybersecurity Council. The Rathenau Institute’s report provides clear analyses and recommendations, informed by input from academia, the business community and the government. This will make it a useful guide for the Netherlands’ public-private approach to cybersecurity in the years ahead.