The number of phishing attempts at companies increases tenfold in just one year

The 2023 SME Cybersecurity Monitor: two-thirds of SMEs don’t believe they are interesting enough to be targeted by cybercrime

KPN data shows that more and more SMEs are being confronted on a daily basis with malicious websites and phishing attempts via their systems or employees. Every week, KPN prevents more than seven million attempted attacks on Dutch businesses. The number of phishing cases in particular – in which attempts are made to obtain personal, login or financial data – is increasing. This makes the findings of the latest SME Cybersecurity Monitor (conducted by Motivaction) all the more surprising: they reveal that SMEs underestimate their risk and likelihood of becoming victims of cybercrime.

Compared to a year ago, businesses are now far more likely (+34%) to encounter cybercrime in the form of malicious websites, phishing and websites that are infected with destructive or harmful software. There has been a significant increase in phishing attempts in particular: almost ten times as many per week compared to a year ago. Another salient development is the significant increase in so-called Newly Registered Domains: websites with malicious intentions, for example fake online stores that are online for just one day. Every week, KPN prevents more than seven million attempted cybercrimes on SMEs. However, KPN is only able to protect businesses that use the KPN Extra Safe Internet function. Unfortunately, many of them have not opted for this security filter, giving millions of cybercrime attempts the potential to succeed, even though the filter is available to customers free of charge.


"This is very worrying," says Chantal Vergouw, member of the Board of Management of KPN and responsible for the Business Market. "It makes businesses unnecessarily vulnerable and exposes them to the risk of significant loss. It can even threaten their business continuity. We want to make the internet safer for businesses. We offer them the filter free of charge because we know just how crucial it is." The results of KPN's latest SME Cybersecurity Monitor (conducted by Motivaction) make it painfully clear why only a small group of businesses are opting for additional measures: 62% of SMEs – wrongly – believe they aren't interesting enough to be targeted by cybercrime.

Poorly prepared
Research shows that three-quarters (76%) of the SMEs surveyed have already experienced cyber threats or attacks. What is striking is that 43% of businesses admit that they are not, or only poorly, prepared for a cyber threat or attack that would make their networks, data and systems inaccessible for over 24 hours.


One in five of the poorly prepared SMEs say they do not have the time (22%) or resources (22%) to prepare properly. They weigh up the investment necessary against the risks involved. Almost the same percentage of businesses (19%) fail to prepare sufficiently because they believe that attacks are impossible to prevent.

Chantal Vergouw adds: “SMEs should focus on what they are good at: doing business. Cybercrime is becoming more prevalent by the day. Fortunately, more and more simple and accessible resources are being made available to fight it. But nothing will change if businesses don’t start to take the problem seriously.”

The KPN 2023 SME Cybersecurity Monitor
KPN regularly carries out research on the resilience of the Dutch business community. Motivaction conducted the 2023 SME Cybersecurity Monitor among almost 350 SMEs (with 10-250 employees). The results obtained have been supplemented with the daily analyses that KPN generates on cybercrime that targets the business community. KPN shares these insights with customers so that they can take steps to strengthen their online security.