Digital resilience is of great importance for individual companies. There are different types of risks, ranging from phishing attacks (where, for example, a fake email asks for sensitive information), ransomware attacks (in which company data is encrypted and returned for ransom), the failure of software or hardware of both office and industrial processes, causing them to come to a standstill, et cetera.
When one of the above occurs, this can have consequences for the continuation of business operations or business activities and cause economic or reputational damage to an individual organisation or the chain in which this organisation works. Cyber attacks can also have (personal) consequences for customers or employees of companies, for example when personal data is distributed.
Digital resilience is not only important for individual companies, but also for (business) ecosystems. Ecosystems are groups of organisations/companies that are geographically close and interdependent (see section 3.1 for a further explanation of the concept of ecosystem and some important aspects). In the event of cyber incidents, the consequences can have an impact on other companies. This could include a cyber incident at an energy company, (drinking) water supplier, financial institution or telecommunications company, where the consequences do not only relate to that company, but can affect others who depend on these companies. For a healthy ecosystem, it is therefore important that the ecosystem as a whole is also sufficiently mature when it comes to digital resilience.
There are some examples of incidents in the Netherlands where an attack had an impact on other companies (KPN Security provides an annual overview of major and high-profile cyber incidents in the Netherlands):
- Due to a ransomware attack at logistics company Bakker at the beginning of April 2021, delivery from several warehouses came to a standstill. Customers could not pass on orders and it was not possible to locate products in the warehouses. The attack led to empty cheese shelves at Albert Heijn. After about a week, the ‘cheese hack’ was solved.
- The international meal service Apetito was hit by a ransomware attack in June 2022. As a result, the company had little or no access to its IT systems. Apetito supplies meals to healthcare institutions, childcare and private individuals, among others. The attack disrupted the production and delivery of meals.
- Five municipalities in Limburg, including Kerkrade and Vaals, were confronted with a cyber attack in July 2022. It was aimed at a software supplier. As a result of the attack, the administration of the social domain was locked down. Data relating to, among other things, social assistance benefits and youth care were not accessible.
- The notorious Conti ransomware gang took The Sourcing Company’s servers hostage in March 2022. The company provides IT services to many housing corporations. Conti then published thousands of files containing sensitive data on the dark web, including copies of passports and bank details.