The Netherlands has secured its spot as Europe’s top cybersecurity hub, with thousands of companies working to develop cybersecurity technology and a supportive legal and regulatory framework based around the 2013 National Cyber Security Strategy 2.
There are more than 400 cybersecurity companies in The Hague alone, and more than 6,000 IT companies working on security-related technology in the country, according to the Netherlands Foreign Investment Agency. The crowded market has resulted in a rich ecosystem of collaboration and innovation, as cybersecurity companies explore new ways to apply emerging AI, automation, analytics and collaboration technology that business leaders can’t afford to ignore.
The COVID-19 pandemic accelerated digitisation, as businesses shut their doors and millions in the Netherlands were suddenly working from home, far from the secured networks of their usual workplaces. The situation has exacerbated cybersecurity risks.
“The main way we predict cybersecurity will develop over the next few years is a direct result of the acceleration of digitalisation,” said Pieter Jansen, CEO of Cybersprint, based in The Hague. “More features, channels, and usability cause organisations’ attack surfaces to grow at a rapid pace. Consequently, IT teams are challenged to keep track of an increasing number of digital assets, while also being responsible for maintaining the security and incident prevention.”
Cybercriminals took advantage of the opportunity to access confidential and valuable data with large-scale cyberattacks targeting hundreds of Dutch enterprises and a 93% increase in ransomware attacks this year alone. The Kaseya “mega attack” combined ransomware and supply chain attacks and impacted Dutch IT companies like VelzArt and Hoppenbrouwers, and the data breach at car-services company RDC made the sensitive personal data of millions of Dutch car owners available on a notorious hacker forum.
The devastating 2021 SolarWinds trojan attack, meanwhile, left over 18,000 organisations worldwide scrambling to secure their assets. As every part of society continues to move into the digital sphere, there’s no end in sight to cyberattacks, and companies need to be vigilant about choosing innovative security tools.
“Cyberthreats continue to evolve rapidly, in part by an increasingly polarised and tense geopolitical stage. Ransomware, democratic influence, espionage, and economic theft are among the most notable rapidly-evolving threats,” says Joep Gommers, founder and CEO of Amsetrdam-based EclecticIQ. “Intelligence-led cybersecurity strategies have become the de-facto standard in combating these threats, ensuring that cybersecurity efforts align with threat reality.”
It’s never too late for business leaders to start integrating cybersecurity protocols into their everyday operations. “Start with basic principles and build from there. Empower employees that already have knowledge about this and get them the budget and people they need to make the company more secure,” advises Erik Ploegmakers, CEO of Amsterdam-based ZeroCopter. “Don’t try to reinvent the wheel, but find help where needed. And last but definitely not least: security is a mindset, lead by example.”
Here are six innovative companies offering cybersecurity technology in the Netherlands today:
CEO: Erik Ploegmakers
Zerocopter uses the brainpower of over 3,000 researchers that find, validate, and vet threat information and share it to a user-friendly platform where business leaders can communicate directly with the ethical hackers who identified risks. Zerocopter innovates by enabling companies to create a threat disclosure programme, so any vulnerabilities that are found can be reported and addressed efficiently by your security team, without the need to set up your own security infrastructure.
“We see a shift from companies needing to have security controls in place for compliance reasons to those that truly want to be secure,” Ploegmakers says. “There is less need for formal and extensive reports (that have too often been ignored), since enterprises prefer fast, continuous, and actionable insights. Especially tech companies actually care about building their products in a secure way from scratch and need help with that, rather than trying to fix things when it’s already too late. This relates well with our business model, which is to connect these enterprises with the best hackers and have them work together as efficiently as possible.”
CEO: Joep Gommers
EclecticIQ’s Intelligence Center pipeline combines automated data processing and human-powered threat analysis. Data collection is automated, with incoming data prioritised and contextualised. The data is consolidated in a diverse array of formats to foster collaboration, and team members can work together to investigate threats from a collaborative workspace. The Analyst Workbench features graphical link analysis and advanced search queries. In 2022, the company will launch a new product designed for companies and organisations to not just understand and manage data about cyberthreats, but also detect and respond to them efficiently.
Governments, critical infrastructure, and enterprises have selected EclecticIQ as a security vendor, and the company was recently chosen to collaborate with the European Investment Bank as Europe implements a new version of the Network Information and Security Directive. “We are excited about the opportunity to support greater Europe’s governments and critical infrastructure as they implement NIS2,” Gommers says. “To strengthen the cybersecurity posture in Europe, we need to grow the ecosystem and have a plethora of strategically-independent technologies available in Europe. Shared goals, talent, start-ups and scaleups, intellectual property, capital, partnerships and communities are all critical dependencies of a successful ecosystem.”
Headquarters: The Hague
CEO: Pieter Jansen
Cybersprint’s integrated AI monitors a company’s brand, supply chain, infrastructure, and VIPs to report vulnerabilities in real time. The Digital Risk Monitoring Platform monitors and detects vulnerabilities not only across connected networks, but also on social media, mobile apps, the dark web, and IoT devices. The software protects companies’ out-of-date or long-forgotten pages and servers from cybercriminals by sharing a summary of all publicly-accessible websites that are part of an organisation. The platform sets itself apart with AI supported by analyst interaction, machine learning, big data, and data visualisation techniques to report actionable insights to users. Among Cybersprint’s clients are government agencies, financial institutions, insurance companies, and critical infrastructure organisations.
“With the current trend of information being available on demand, organisations are in need of data that doesn’t require their input, and is integrated into their existing processes. No matter whether it’s on internal shadow IT, external supply chain risk, or anything in between,” Jansen says. “This process requires a shift in perspective. Looking from within the organisation at ‘what is out there’ will inevitably lead to blind spots and weaknesses, and becomes impossible to do manually. That’s why we see promise in two areas of development: scalability and automation. It’s something we have embedded into our own processes and services as well: automate everything.”
CEO: Bozhidar Bozhanov
LogSentinel is a security data and event management system to monitor and respond to threats in an organisation’s digital assets. Its AI- and blockchain-powered service offers log privacy, audit log integrity, and unlimited retention: the integrity of the logs are ensured by blockchain-based cryptography, so entries are tamper-proof and can’t be changed or deleted. LogSentinel uses behaviour analytics to identify and prevent insider threats, and all activities are fully traceable, so each user has a visible overview of actions.
The security information and event management system requires no set-up and uses an open-source agent, so it is flexible enough to work with any other security system. LogSentinel’s team are specialists in regulatory technology to make sure that tools align with legal compliance requirements: cryptography makes evidence from the system usable in forensic investigations and court proceedings.
CEO: Peter Kolarov
Crayonic’s KeyVault is designed to guarantee a user’s identity. The most popular use of the KeyVault is to provide Windows domain authentication for enterprises: instead of providing a password, users can just tap on the fingerprint sensor, which is connected by Bluetooth or the USB port, offering secure multi-factor authentication. Unlike an authentication app on your mobile device, which has the ability to run malware and can be exploited by cybercriminals, the KeyVault device operates completely offline and offers zero-knowledge identity proof that doesn’t disclose unnecessary personal data.
Other uses for the KeyVault include creating a signature for electronic documents, verifying a user’s identity according to the FIDO2 standard for an operating system or browser, storing extremely sensitive documents or password managers, and generating one-time passwords.
The KeyVault also uses behavioural biometrics to provide what it calls “proof of free will,” meaning that the device confirms the user’s identity as well as their intent to authenticate a transaction, so you know authorisations were not made accidentally or under duress.
CEO: Wouter Klinkhamer
Emails, which contain immense amounts of sensitive information, are a common point for accidental data leakage as well as malicious cyberattacks. Zivver created an enterprise-grade communications platform designed to make sending emails, chatting, and transferring files more secure. The product stands out for an intuitive design that doesn’t result in disruption for the user, unlike complicated encrypted email programmes — your team simply toggles on a slider in Outlook to move into secure email mode. The software scans for unusual behaviour in the content of emails, such as a note with confidential company data being sent to a personal contact, or sensitive personal information being sent to a brand-new contact. Every email is secured with asymmetric encryption that is ISO-certified, and users can opt in for 2-factor authentication for highly sensitive communications.
Zivver offers a range of original features, like the open conversation starter, which enables guest users within the secure email environment to start a dialogue with a registered Zivver user in any company. The product can also help users retrieve emails sent by mistake and share whether or not they have already been read. Zivver offers a file transfer size limit that is previously unheard of (up to a whopping 5TB), which is one of the reasons why the product is a favourite among healthcare companies in the Netherlands that need to share important medical images like X-rays at full definition.