In-house Security versus Outsourcing: the Dutch Approach to Security

Cyber threats are increasing worldwide, both in number and complexity. As a result, organisations face an important decision: invest in an internal security team, outsource security to an external provider, or adopt a hybrid model. The most effective option depends heavily on the organisation’s size, resources, and strategic priorities.

Our recent Cybersecurity Report shows that more than half of Dutch organisations (56.4%) deliberately choose to continue investing in in-house security (see Figure 1). Over 16% intend to expand their internal security team. In contrast, more than 37% choose to outsource (part of) their security.

Smaller organisations more often opt for outsourcing

Interestingly, organisations with 200 to 499 employees are relatively likely to outsource (part of) their security tasks (see Figure 2). The choice between in-house security, outsourcing, or a hybrid model appears to be closely linked to an organisation’s size and internal capabilities.

For smaller companies, outsourcing is often a logical and cost-efficient step: it provides access to specialist expertise and continuous monitoring without the need to build a large internal security team. Larger organisations, on the other hand, are more likely to have the resources to establish their own team, but remain alert to situations where additional external support may be beneficial.

Regardless of the chosen approach, one key lesson stands out: continued investment in effective security measures is essential to address the ever-growing number of cyber threats.

SOC or no SOC?

A Security Operations Centre (SOC) is the nerve centre of an organisation’s digital security. From this specialised hub, security experts continuously monitor, analyse, and respond to suspicious activity within the IT landscape. A SOC combines advanced technology, clearly defined processes, and human expertise to detect threats at an early stage and to respond effectively to incidents.

Our research shows that 65.9% of organisations use a SOC, of which 32.3% manage it in-house. Another 16.9% use a third party (Managed SOC), while 16.7% have a combination of the two (see Figure 3).

Cost as the biggest challenge

For organisations that do not yet have a SOC, cost and budget appear to be the biggest barriers (42.3%). This is interesting, as in practice investments in a Managed SOC are sometimes lower than organisations expect. Moreover, the potential damage and recovery costs following a serious security incident are generally far greater than the ongoing investment required for effective monitoring and response.

A feasibility study can help map out the options, potential risks, and cost–benefit ratio. It can also provide immediate insight into which elements of security would benefit most from SOC support and how a phased implementation could reduce the financial impact.

A broader view of the threat landscape

In 2025, phishing, smishing, and vishing attacks (53.6%) top the list of concerns for organisations, followed by ransomware (44%) and data breaches caused by lost devices (33.3%) (see Figure 4). These figures show that companies are becoming increasingly aware of the diversity of threats, from sophisticated, targeted attack methods to more ‘classic’ risks such as data loss due to missing equipment.

Notably, fear of DDoS attacks has risen more than any other concern compared to previous years. Recent events, such as the DDoS attacks during the NATO summit in The Hague, demonstrate that this concern is far from unfounded.

A mix of measures is essential

To minimise the damage from such incidents, it is vital that organisations adopt a mix of technical measures. These include endpoint security, encryption, robust backup strategies, and ongoing awareness programmes. In this way, employees are not only protected through technology but also trained to respond alertly to the most common attack methods.

Would you like to carry out a feasibility study or find out how Solvinity can support your organisation with its security challenges? Get in touch today.