Security and prosperity depend on an ability to safeguard the digital information, data and networks at home and abroad, that underpin our society and economy. The Wannacry ransomware attacks on the NHS in the United Kingdom and the NotPetya cyber attack on the APM Terminal of Maersk in the Port of Rotterdam showed once again that both the Netherlands and the United Kingdom are very vulnerable. And, these cyber threats continue to grow in scale and sophistication. It also makes effective cyber security such a crucial part of our economies. And the stakes are high. Deloitte calculated that the yearly damages to the Dutch economy are more than 10 billion euros. This is 1.5% of its GDP, higher than anywhere else in the world. According to Lloyds of London the next global cyber attack will lead to more economic damage than a severe natural disaster. This could cause damage up to 121 billion dollars.
Why is the Netherlands not “cyber ready”?
Whereas the UK and the Netherlands have similar economic stakes and operate in the same highly digitalised environment, the UK scores much stronger on the cyber readiness index developed by the Potomac Institute for Policy Studies. The Cyber Security Assessment Netherlands 2017 shows that the resilience of individuals and organisations in public and private sectors is staying behind in relation to the increased threats. The majority of individuals and organisations seem to severely underestimate and downplay the risks they face.
I believe that there are two main reasons for this. On the one hand this can be blamed on the more laid back security philosophy of the Dutch (“keep everything as open and accessible as possible”). On the other hand the Dutch polder model, their famous system of consensus decision-making, makes that there is a lack of a clear, central strategy that defines responsibilities and resources.
Within the Dutch government the responsibilities for cyber security fall under five (!) different government departments. Organisations such as the National Cyber Security Centre, the Defence Cyber Command, the Police’s Team High Tech Crime, and the General Intelligence and Security Service have to work together in a complex “polder” system with public and private partners. Their primarily focus is protecting the Dutch critical national infrastructure and large enterprises. This makes information sharing and the process of defining and executing a national cyber security strategy time consuming and complex.
This also affects the development of knowledge and talent. Innovation in the Dutch security sector is often a complex dance between the government, industry and knowledge institutions: the triple helix. The idea behind this concept is that this hybridisation of elements will lead to increased innovation and knowledge development. However, in the Netherlands a central approach is lacking. In a country that is only the size of the State of New York, “accelerators”, “ecosystems” and “clusters” such as The Hague Security Delta pop up everywhere and compete for the same companies, researchers and/or talents. My personal experience is that it is very difficult to get an overview of who does what and who adds value where. Don’t get me wrong, collaboration in this field is key. But collaborating without a clear strategy, structure, or end goal becomes messy and is a waste of (public) money.
So change is needed.
The extra investments up to 95 million euros per year by the new Dutch government are welcome, if used wisely, but just a very early start. The new Digital Trust Centre, for example, is a good initiative. It will close the gap in the current national cyber security strategy by looking after SME’s as well. But at the same time this adds yet another player to the many other organisations with some kind of responsibility in the field of cyber security.
Learning from each other!
Against this background, the Department for International Trade here in the Netherlands organised the second UK-NL Cyber Security Showcase back in September 2017. We believe that collaboration is key. The economic prosperity and social well-being in both the UK and the Netherlands increasingly depend on the openness and security of networks that stretch beyond our borders. We all benefit from a free, open, peaceful and secure cyberspace. And we have a shared responsibility and mutual interest in improving our collective cyber security. That is why we aim to bring British and Dutch cyber security companies, end users, resellers, and other stakeholders in the cyber security industry together. To share best practices. And to investigate potential partnerships in cyber security in both the Netherlands and the United Kingdom.
In my next blog I will dig into the UK’s strategy to protect against cyber threats and how the Dutch could (and should) can learn from that! Stay tuned!
If you missed the UK-NL Cyber Security Showcase and want to see real collaboration in action, have a look at this video: https://youtu.be/s35b4A4L1Io