The majority of large and small Belgian companies use at least seven different ICT security measures. Authentication and backups are the most commonly applied.
Digital trust and security is one of the five central themes of the Belgian Digital Economy report by FOD Economy. The report surveys both large and small companies about the measures they apply to secure themselves. This shows that even the smallest companies have at least a handful of measures in place.
read also
Belgian companies are increasingly focusing on digital sovereignty in cybersecurity
The positive news is that the number of Belgian companies falling victim to cyberattacks has not increased significantly since 2022. 34 percent of large companies experienced unavailable ICT services after a cyberattack compared to 20 percent among SMEs. The figures are more or less constant compared to two years earlier.
Data damage occurred more frequently at large organizations (7 percent compared to 5 percent in 2022) than at “SMEs (4 percent). Disclosure of confidential data affected 5 percent of large companies and 2 percent of SME” s.
Seven Measures
The research examines how many and which measures large and small companies apply. From a list of ten measures chosen by FOD Economy, the majority indicates applying at least seven. Among SMEs, this is a narrow majority of 53 percent. Less than ten percent of SMEs apply all ten security measures, while among large companies this is 37 percent.
The most applied measure is password authentication, with 96 percent among SMEs and 99 percent among large companies. Notably, biometric authentication has not yet broken through among SMEs. 35 percent have implemented biometric authentication. The combination of different authentication mechanisms is also not yet the norm among SMEs, with an adoption rate of 58 percent.
After authentication comes making backups at an external location. 97 percent of large companies say they have backups available and 86 percent of SMEs. Encryption is applied much less by SMEs (36 percent).
Training Optional
There is still work to be done among SMEs regarding awareness and informing staff about security procedures. 38 percent maintain documents with practical measures, while 88 percent of large organizations do so. 61 percent of SMEs focus on cybersecurity awareness, but less than half provide training.
Security training is not always mandatory, even at large companies. Three out of four large companies provide mandatory training, while among SMEs this is one in four.