PwC research Digital Trust Insights 2025

Concerns about cyber risks and new laws and regulations

06 Nov 2024

Nearly two-thirds of Dutch top managers and executives see cyber risks as the number one priority for 2025. In addition, organisations are eager to comply with new laws and regulations, such as the EU AI Act, but executives have little confidence that this will be achieved in time.

These are two key findings from PwC's Global Digital Trust Insights 2025, a study in which we ask top managers and executives from the business community about their cybersecurity challenges. This year, 4,042 top managers and executives from 77 countries took part, including 1,212 from Western Europe and 37 from the Netherlands.

Tackling cyber risks

The risks that executives consider most important to address are mainly in the area of cyber. Sixty-two per cent of Dutch executives consider cyber risks to be the most important priority to tackle in the coming year. This is in line with global and Western European trends, where 57 per cent of organisations consider cyber risks to be a primary concern. Dutch organisations also mention digital and technological risks (49 per cent) as important to address in the coming year.

62%

of Dutch organisation executives consider cyber risks as the top priority for the coming year

41%

of Dutch executives see ransomware as their most concerning cyber threat

'Although mitigating cyber risks is the biggest concern for the Netherlands, I still see many organisations struggling to gain insight and knowledge into their cyber risks', says Angeli Hoekstra, cyber expert at PwC Netherlands. 'A cyber risk management and governance methodology that ensures an understanding of cyber risks is essential. With this insight, organisations can determine which factors to improve and where to make targeted cyber investments.

Divided on increasing cyber budgets in 2025

Dutch organisations are divided when it comes to progressively increasing their cyber budgets in 2025. Thirty-five per cent of Dutch organisations expect a modest increase in their cyber budgets, with an increase of five percent or less in 2025. Thirty-five percent of Dutch organisations see an increase of six percent or more.

Hoekstra: 'It's interesting to see that cyber budgets in the Netherlands are not increasing as much as in Western Europe and globally. However, the number of digital regulations affecting the improvement of cyber controls is increasing in Western Europe and the Netherlands. Instead, organisations should continue to invest in these times to be well prepared'.

70%

of Dutch organisations expect their cyber budget to increase in the coming year

Organisations not confident in their ability to comply with new regulation

Dutch organisations lack confidence in their ability to comply with regulations. Only fourteen percent of Dutch companies are extremely confident in their ability to comply with regulations, compared to 23 per cent globally. There is still a lot of uncertainty around new artificial intelligence (AI) regulations, such as the EU AI Act, NIS2, DORA and GDPR. Only fifteen per cent of executives say they are very confident about complying with these regulations.

Hoekstra: 'I'm concerned that regulations are needed to improve cybersecurity, because most of these regulations are based on what cybersecurity, resilience or privacy measures must be taken to be protected and resilient. This means that companies still don't see cybersecurity and privacy as something that actually helps their business gain a competitive advantage, and something that is necessary for the resilience of their business'.

'It's not just about withstanding ransomware or nation-state attacks, but also, for example, ensuring that privacy controls work and that business-critical information can only be accessed by those authorised to do so. Cybersecurity and the ethical handling of personal data and privacy are necessary to gain the trust of customers and shareholders and to ensure the resilience of business operations'.

Goal to improve regulatory compliance by 2025

When Dutch executives are asked what their main goal is for 2025, 43 per cent want to improve regulatory compliance. Global and Western European respondents, on the other hand, are more focused on faster response times to incidents and disruptions. Of the Dutch respondents in the survey, 41 per cent indicate that response times to incidents and disruptions are an important goal in 2025.