IT security incidents affected 23 percent of Belgian companies in 2021. They had to deal with such an incident at least once.
Statbel, the official Belgian statistics office, consulted 7500 Belgian companies for this data. This investigation shows, among other things, that the incidents resulted in companies’ services being unavailable. Companies also lost access to data or this data disappeared completely, and confidential data was disclosed. Statbel does not clarify whether the leaked data consists of customer data or internal company documentation.
Measures against IT incidents
Of the companies surveyed, nine in ten companies create passwords as their main method of authentication. 39.4 percent of companies use 2FA – or a second layer of security via, for example, a 2FA app (OTP) or SMS codes. 12.6 percent of companies use biometric authentication as their primary form of authentication.
To protect IT systems, 77.2 percent of companies use ‘network access control’. They check which devices and users are allowed access to the network; devices or persons that are not allowed to be allowed cannot enter the network.
Insufficient incident documentation
Moreover, companies often use VPN services; this was the case in 2021 for six out of ten Belgian companies. So companies are certainly concerned with security, but that is still reflected – at least in the past year – in documentation about IT security. Belstat calculated in its report that only 34.1 percent of companies have “documents about measures, practices or procedures” for IT incidents.
Meanwhile, 33.1 percent of companies insured IT security incidents. For example, they are partially or fully reimbursed for the additional costs resulting from such an incident.
