Home > IT Blog > One in three companies faced at least one cybersecurity incident in 2022

One in three companies faced at least one cybersecurity incident in 2022

According to a recent Proximus report and survey, 32% of respondents confirmed to be aware of one or more cybersecurity incidents having occurred within their organization in 2022. Nearly half of these incidents came with a financial impact, and one third prevented employees from doing their job.

For the 4th year in a row, Proximus surveyed how companies in Belgium, The Netherlands and Luxembourg deal with cybersecurity.
More than 250 CEOs, CI(S)Os, and IT managers participated in this survey, which resulted in the research report The impact of cybersecurity on companies in the Benelux.

The report shows that 32% of respondents had to deal with a cybersecurity incident within their organization in 2022. In almost half of the cases, the incident is linked to an intentional attack. Social engineering (e.g. phishing), makes up the lion’s share of the attacks. Ransomware and malware, such as viruses, worms, and Trojan horses, complete the top 3. Among incidents with an accidental nature, unauthorized activities and data breached are most frequently reported.

The consequences for the affected companies are often severe. Thirty percent of the reported incidents resulted in employee downtime. Nearly one in two have a financial impact, with costs primarily linked to incident reporting, reduced productivity, and reputational damage.

This report clearly shows that security is a major concern for both large and small organizations, not only because the frequency of cyber attacks continues to increase but also given the financial damage and operational impact cyber attacks can provoke.”

Anne-Sophie Lotgering
Enterprise Market Lead at Proximus

Increasing sense of urgency to reinforce awareness and response strategies

The frequency of incidents is significantly higher at large corporations with more than 2,000 employees (60%), compared to small and medium-sized companies (25%). The result shows that large organizations are more popular targets for cyber-attacks but could also point to better tracing. This seems to be confirmed by the differences in terms of attention paid to awareness raising. Among large companies (>250 employees), almost 80% organizes training to raise awareness around cyber threats at least once a year. Among SMEs, this is only 54%.

In general, around 80% of companies stated to have a cybersecurity strategy in place or in preparation. A detailed incident response procedure is in place or being developed in 7 out of 10 companies. The sense of urgency is higher among companies that experienced an incident in the past year.

The increased attention for cyber security is also reflected in the allocated budgets. Even in difficult budgetary times, over 1 in 5 participating companies boosted their cybersecurity budget by 20% or more in the past year. Large enterprises demonstrated the most substantial increase, with one in three respondents reporting a significant budget boost.

Read cybersecurity full results (English) or in French and Dutch