Tim Kooij, Sales Director
11 November 2025

The Silent Threat of False Security

We see that many organisations are still grappling with the same fundamental issues as in previous years. The Cybersecurity Report 2025 paints a clear picture: the foundations of many security strategies are fragile.

Organisations may invest in measures, audits and technology, yet often lack the necessary oversight and in-depth knowledge to truly protect their infrastructure and data. This creates a gap between the perception of safety and actual resilience.

Top Security Challenges

In our research, conducted together with Securify, we asked organisations about their greatest security challenges. Three clear pain points emerged:

  • Thorough implementation of appropriate security measures (27.1%)
  • Targeted identification of processes, systems and data that need protection (22.4%)
  • Timely detection of security incidents (18.4%)

These three points share a common underlying issue: the absence of complete visibility into one’s own infrastructure. Without such insight, control is barely possible.

The Importance of Thorough Inventory

A robust security foundation begins with a full inventory of infrastructure and assets, complemented by a comprehensive risk analysis. This gives organisations the clarity they need to determine which systems and data deserve the highest security priority. With this knowledge, security measures can be chosen more effectively, and the ability to respond quickly and appropriately to current threats improves.

Investing in visibility and monitoring builds resilience and lays the foundation for a security strategy that can continuously improve.

The Danger of a False Sense of Security

The report also shows that organisations primarily rely on internal security audits (56.8%), followed by risk assessments (52.4%) and external audits (49.6%). While these methods are valuable for compliance and process control, they carry a risk: they often present only a paper-based reality.

According to Kees Stammes, CEO of Securify, you only truly discover how resilient you are to cyberattacks by carrying out Continuous Pentesting and Red Teaming. These methods simulate realistic attacks and show how systems, processes and people respond under pressure.

Yet only 17.2% of respondents say they use Red Teaming to test their security. “I would go so far as to say that this 17.2% are genuinely resilient against cyberattacks. The rest are operating under false security,” says Stammes. The fact that 42% of organisations name building more knowledge as their top priority for the coming year underlines his point.

From Compliance to True Resilience

The report clearly shows that many organisations still have steps to take before their security strategy reflects the reality of today’s cyber threats. Compliance alone will not protect against targeted attacks by advanced cybercriminals. Paper-based assurance may be a foundation, but genuine resilience requires continuous reality checks.

True resilience calls for a security approach that is proactive, integrated and ongoing. This means that policy, processes, technology and human behaviour must be considered and tested together.

Resilience Checklist

False security may feel comfortable, but it is dangerous. This resilience checklist will help you discover where you truly stand and what steps you need to take to stay ahead of attacks.

  1. Start with visibility: Make a full inventory of your infrastructure and assets. Without an up-to-date overview, you will not know where vulnerabilities lie.
  2. Know your crown jewels: Identify which processes, systems and data are most critical to your business continuity. Focus protection efforts on what the business absolutely cannot afford to lose.
  3. Test realistically: Add Continuous Pentesting and Red Teaming to your test plan. These simulate real-world attacks, including social engineering.
  4. Invest in knowledge: Ensure employees understand how attacks work and how they should respond. Security awareness and incident response training have proven effective in reducing risks.
  5. Monitor continuously: Use advanced detection tools and processes to identify and analyse anomalies immediately. For instance, consider a (Managed) SOC. The sooner an attack is detected, the less damage it will cause.
 
Following these steps takes you from a paper-based reality to a robust defence that can withstand the threats of today and tomorrow. This is not just about meeting standards and obligations, but about building a security culture in which every link actively contributes to cyber resilience.

Dare to Test Reality

False security is a costly illusion. Only by combining insight, realistic testing and a continuous improvement process can organisations truly lay claim to the term ‘cyber resilience’. The Cybersecurity Report 2025 has a clear message: dare to test reality.

Curious how? Get in touch to discover what Solvinity and Securify can do for you.
