The figures from CCINFO speak for themselves. It’s a worrying increase—especially when you consider that these are only the reported incidents. Only 30% of companies that fall victim to ransomware actually report it to the police. The threat is real, yet companies continue to fall short in making structural investments in cybersecurity.
According to experts, this is partly because businesses are overwhelmed with technical advice and complex measures. They can’t see the wood for the trees. But cybersecurity doesn’t have to be an insurmountable challenge. It starts with the basics. “You don’t need to implement a hundred things—fifteen will do. Get your fundamentals in order.”
One proven approach is obtaining certification. For example, NIS2-QM10, which represents the minimum level for SMEs. It includes the five basic principles of digital security, as recommended by the government. This certificate was specifically developed for companies that are not (yet) subject to the stricter NIS2 requirements, but who still want to demonstrate their cyber hygiene to clients. The bar isn’t set too high, but exactly where it needs to be: at realistic, verifiable measures.
Companies with this certificate:
- Are demonstrably less attractive to cybercriminals
- Can prove compliance with basic cybersecurity standards
- Increase trust among larger clients
- Reduce legal risks in the event of supply chain incidents
Why companies must act now
Getting your cybersecurity basics in order takes six months. Waiting until new regulations catch up with you—or worse, until an incident occurs—is a risk no business can afford anymore. Over 100 trade associations are participating, and if your company is a member, you can receive a 50% discount.
Source: https://www.ccinfo.nl/menu-nieuws-trends/darkweb/2483741_de-onzichtbare-dreiging-van-het-darkweb-een-zorgwekkende-stijging-van-datalekken-in-2025-cybercrimeinfo-jaarrapport
