As of Monday 13 September, not only critical organisations such as energy and water supply companies, but also non-critical organisations can receive a warning from the government if there is a serious digital threat, such as a data leakage in certain software.
The implementation of this is in the hands of a special service of the Ministry of Economic Affairs and Climate Policy (EZK), the Digital Trust Centre (DTC). According to EZK, warnings are necessary to make companies more digitally resilient: every year one in five companies become the victim of a cyber-attack, the ministry says.
These attacks lead to business problems and to more social disruption. For example, a hack at a Dutch logistics company temporarily led to cheese shortages. Hacks have led to major problems in the United States specifically. There, Critical infrastructure was affected, such as power supply, internet access, drinking water and payment transactions.
In fact, ransomware attacks, in which company data is hacked, have become such a problem that national security is at risk. The National Coordinator for Security and Counterterrorism (NCTV) warned about this at the end of June.
The fact that the government is only informing non-critical companies about digital threats as of 16 September is because warnings were not legally possible before. The National Cyber Security Centre (NCSC) never had the necessary powers to share information with DTC and individual companies. As a result, it could occur that the government was aware that a company had been hacked, but that this information was not shared with the company in question.
The warnings to individual companies will initially take place on a limited scale and mainly by telephone. The ministry will assess whether this can be done automatically in the future.
A pilot will start in the winter to investigate this option. In theory, hundreds of companies could be warned simultaneously via an IP-address or domain name.