
Cybersecurity management and strategy

Published by:
Netherlands Chamber of Commerce, KVK

Digital transformation offers opportunities, but it also introduces new risks. Cyber resilience is your ability to prepare for, respond to, and recover from cyber threats. It is crucial for remaining trustworthy, protecting your assets, and ensuring business continuity. Without a solid cyber strategy, your business can suffer damage from incidents like data breaches, ransomware attacks, or system downtime. Read about the first steps you can take.

Cybersecurity: practical steps

Cybersecurity involves both technical and organisational issues. While technology provides tools, your processes and people are just as critical. To set up a cybersecurity strategy for your business, answer the following questions, which will help you identify these organisational aspects:

1. What needs protecting?

Start by understanding what information and systems are most critical to your business operations.

  • What are your business activities? For example, if you run a design firm, your intellectual property (designs, concepts) is important. If you run an e-commerce store, customer data and payment information are vital.
  • What information do you rely on daily? This includes customer databases, financial records, operational data, and contact information.
  • Where is this information stored and how is it accessed? Is it on local servers, cloud platforms, or employee devices? Who has access to this information?

Create an inventory of your critical data and systems, and classify the information by confidentiality, availability, and reliability. Understand the value of each item to your business and the impact if it were compromised or unavailable.

2. What are the risks?

Once you know what is valuable, assess the potential threats and vulnerabilities.

  • What are the consequences if you lose access to critical data? Could it disturb your business operations, damage your reputation, or lead to financial losses?
  • What if sensitive customer data is exposed? This could result in fines, lawsuits, and the loss of your customers' trust.
  • Consider common threats: Phishing scams, malware, ransomware, insider threats, and human error.

Do not just think about external attacks. Consider internal risks and human behaviour as well, such as accidental data deletion by an employee or a disgruntled former staff member.

Read more about identifying cyber risks.

3. Who is responsible for what?

Cybersecurity is a shared responsibility. Even in a small business, awareness and clearly defined roles are part of your strategy.

  • How do responsibilities extend to employees? Everyone who handles information plays a role in protecting it.
  • Do employees know their responsibilities? Do they know how to protect and store sensitive information, how to recognise a threat, and how to respond?
  • What are the roles of third-party providers? Do you outsource IT or use cloud services? Ensure their security practices align with your needs.

Consider appointing a cybersecurity lead to coordinate your strategy. Regularly discuss cybersecurity during team meetings to keep it top-of-mind. Encouraging safe behaviour is very important for the prevention of incidents.

4. How to prevent a cyber incident?

Preventing a cyber incident is an ongoing process. Threats evolve, and so should your strategy. What you can do:

  • Automate backups of critical data and regularly verify their integrity.
  • Set up password and email security policies for your employees.
  • Appoint someone to implement timely software updates, security patches, a firewall and virus scanner. Many breaches exploit known vulnerabilities.
  • Establish clear onboarding and offboarding processes for staff, including managing their access to systems and information.
  • Encourage employees to report suspicious activity or errors. Your staff are your first line of defence.
  • Keep your incident response plan up-to-date, and regularly review and test it.

5. How to respond to a cyber incident?

A cyber incident can still occur. An incident response plan minimises damage and accelerates recovery.

  • What are your essential operations that must continue? Identify critical systems and data needed to keep your business running.
  • How will you limit the impact of an incident? This involves having robust backups, clear communication protocols, and predefined steps for containment.
  • Who do you contact in an emergency? Have a list of IT support, legal counsel, insurance providers, and relevant authorities ready.

Report any cybercrime incident to the police. You must also report all data breaches to the Dutch Data Protection Authority (AP) within 72 hours, using the data leak reporting desk (Meldloket Datalekken, in Dutch).


Questions relating to this article?

Please contact the Netherlands Chamber of Commerce, KVK