15th Annual e-Crime & Cybersecurity Congress Benelux

Benelux’s Digital Ambitions Undermined Without Robust Cyber Defences

25th November 2025 • Novotel Amsterdam City, Netherlands

Cybersecurity continues to be the missing pillar of many countries’ digital ambitions. What needs to be done?

 

A troubling pattern of vulnerabilities

In July 2025, a serious cybersecurity incident struck the Dutch Public Prosecution Service (Openbaar Ministerie, OM), revealing the fragility of even the most critical national institutions.

As a result of a suspected breach, the OM remains disconnected from the internet indefinitely — a measure taken to contain and investigate the intrusion. Prosecutors are unable to send or receive emails, log in remotely, or even edit or print legal documents. Court proceedings are expected to face delays, and public confidence is under pressure.

This incident is not isolated. It forms part of a broader wave of cyberattacks affecting the Benelux region in 2025.

Luxair (Luxembourg, April 2025): the national airline suffered a ransomware attack that grounded flights for nearly two days. Attackers exploited a misconfigured VPN appliance.

Belgian Ministry of the Interior (May 2025): hackers accessed sensitive documents by exploiting an unpatched vulnerability in the Ministry's document management system.

Port of Rotterdam (June 2025): a supply chain attack disrupted port logistics when malware was introduced via a customs broker’s software update.

Together, these events demonstrate not only growing attacker sophistication but also serious vulnerabilities in public and private digital infrastructure. For CISOs, the implications are urgent and strategic.

• Incident response plans must cover prolonged disconnection scenarios — not just recovery and restoration.
• Visibility into endpoint and third-party environments is vital, especially for government agencies that may be targets of nation-state actors or politically motivated hacktivists.
• Legacy systems and exposed remote access points remain key attack vectors. Regular configuration audits are critical.
• Patch management failures offer easy wins to attackers. CISOs must implement faster update cycles and use attack surface monitoring tools.
• Cyber supply chain risk is a huge challenge. Trust boundaries must be re-evaluated, and vendors continuously assessed.
• Critical operations should be decoupled from external systems wherever possible.
• Slow detection & response are still a problem. CISOs must improve real-time threat detection and internal threat hunting capabilities. The Dutch NCSC discovered the OM breach before internal teams did.
• Crisis management readiness: the OM is still offline weeks later/ Incident response and resilience must go beyond disaster recovery and into sustained continuity planning.

In the Benelux region, governments pride themselves on high levels of digital public service delivery. Corporations also have committed to high levels of digitalisation. But these levels of digitalisation must be backed up by solid security. Without this, public trust in institutions and companies will be eroded, and the benefits of digitalisation will be damaged by the costs of repeated clean-ups.

 

The e-Crime & Cybersecurity Congress Benelux will look at how cybersecurity professionals can stay ahead of a rapidly evolving attack environment.
Join our real-life case studies and in-depth technical sessions from the most sophisticated teams in the market.

View details of the previous event here

  • Making the best use of threat intelligence

    • In a pre-emptive security model, timing is everything — success depends on detecting and neutralizing threats before they become active incidents.
    • To do this, security operations can't just rely on internal telemetry (e.g., endpoint or network logs).
    • They need external, real-time context about emerging threats — where do they get it?

  • Dealing with regulations

    • CISOs now must build a single coherent security program that simultaneously satisfies divergent regulatory demands.
    • They must interpret vague legal standards into technical architectures, and they risk non-compliance if auditors, regulators, or courts interpret those differently later.
    • They face unrealistic expectations around incident reporting and they face personal liability. Can RegTech help?

  • Achieving visibility across ecosystems

    • From exposed initial access points such as warehouse management systems to complex machine control software, simply understanding your device and application landscape, its connection and data flows and dependencies is a huge challenge.
    • Can you help with asset tracking and endpoint visibility?
    • And what about anomaly detection after that?

  • Defending against the latest ransomware variants

    • Ransomware is effective precisely because it can exploit whatever weaknesses exist in your security architecture and processes
    • The threat and the actors are constantly evolving, and that evolution is forcing the hand of the government and causing havoc in the insurance market
    • What can CISOs do to better defend against ransomware?

  • Improving continuous attack surface discovery

    • You need to know what attackers can see and what they can actually attack – and you need it on a continuous basis, not in some static inventory.
    • Ideally you also need assets ranked by risk priority and put into the current threat and vulnerability context.
    • Is this feasible and is it cost effective?

  • Adversary simulation and behavioural analysis

    • Automated adversary simulation identifies telemetry blind spots.
    • They provide prioritized remediation guidance and control effectiveness metrics. They track progress trends and validate security ROIs as well as providing board and audit reporting.
    • How well do they work in practice?

  • Why zero trust, isolation and segmentation are key

    • There has been a shift in recent attacks away from the theft of data – now threat actors are concerned with interrupting all operation activity.
    • It is now critical that business functions are separated, and that internet access to OT networks is limited.
    • Can security teams keep up with sophisticated foes? 

  • OT and the regulations

    • DORA, NIS2 and other regulations put more responsibility for resilience on firms deemed important or critical.
    • Many have focused on IT networks but the regulations include all resilience and so OT environments matter. 
    • What does this new emphasis from regulators mean practically for OT security?

  • Security Posture Management

    • Traditional vulnerability scanners don’t handle cloud native architectures well.
    • Today’s cloud environments spin up thousands of ephemeral assets without a traditional OS, without an IP address for long.
    • So how do you adapt to that dynamic, API-driven reality? How can traditional tools connect the dots – not just generate tickets?

  • The power of automation

    • There’s too much manual intervention in security.
    • SOAR pulls data from SIEMs, EDRs, firewalls, cloud APIs, ticketing systems, threat intelligence feeds, and even email servers.
    • It also coordinates actions across tools via APIs and prebuilt integrations and intelligent playbooks.
    • Well, that’s the theory. How does it work in the real world?

  • Transitioning OT to the Cloud?

    • OT traditionally was localized in particular sites and air-gapped from IT systems.
    • But connectivity with broader corporate networks and the need to manage technology more centrally (especially during COVID) has seen companies looking at managed services in the Cloud for OT.
    • Is this a way forward?

  • Pen testing for OT / SCADA

    • Testing is key to identifying and fixing vulnerabilities before they're exploited. 
    • Regulations like NERC CIP require utilities to assess and mitigate risk. 
    • Testing checks OT security controls are functioning properly and shows regulators an organization's commitment to security.Can you help?

Who attends

Job titles

Senior Cloud Engineer
Cybersecurity and Privacy Audit Manager
Manager
Information Security Officer
Senior Information Security & Business Continuity Risk Manager
Senior Director, Global Head of Information Security
Senior Manager, Cybersecurity Consulting
Deputy CIO Cybersecurity
Advisor
Chief Information Security Officer, Benelux
Security Specialist
Manager Group Operational Risk Management
Security Officer
Security specialist
Senior Threat Intelligence Analyst
Director IT engineering
Sr. Manager ICT, CISO, Information Security & Privacy
Management – Non-Financial Risk Officer - IRM
CIO
OT Cybersecurity Lead Engineer
Director Threat Intelligence and Vulnerability Management
Senior Information Systems Control Specialist
IT Manager
Senior Cyber Security Expert
Senior Compliance Specialist Cyber Security
Senior DevOps/DevSecOps Engineer
ICS/OT Security specialist
IT Risk & Security Manager
DevOps Engineer
Information Security Manager
Director, Cyber Security Strategy
Director Global Security Investigations
Information Security Analyst
Information Security and Privacy Officer
Information Security and Privacy Manager
Security Engineer
IT Risk Manager / Operational Risk Manager
Manager IT Infrastructure & Operations
Cyber Security Engineer
Security Engineer
Senior IT Auditor
Information Security Advisor
CISO
Head of Security Benelux
CISO IT Wizard
Cyber Threat Intelligence
Senior Underwriter Chubb Pro ICT
Regional Information Security Officer
Global Security Operations Coordinator
Information Security Officer
Cyber Threat Intel (CTI) Analyst
Senior Information Risk Manager
CISO
Senior Cybersecurity Consultant
Global Vulnerability Management Lead
Senior Business Security Analyst
Intel Analyst
Chief Information Security Officer - South and West Europe
Manager Security Investigations
Senior Information Security Officer
Information Security Officer
IT Risk & Security
Risk, Audit and Compliance Manager
IT Compliance Advisor
Head of Cyber Security EU, APAC & LATAM
Director Security & Information Assurance
Cyber Security Officer
Security Engineer
Team coordinator Information Security Service Municipalities
IT Compliance Manager
Senior Information Security Analyst
Cyber and Application Security Architect
Expert Security Architect
Project Manager
Philips Group Security - Regulatory & Standards
Lead security management specialist
Cybersecurity Officer
Senior Security Manager
Director IT Audit
Security Process Manager
CISO ai
Security Coordinator
Adviseur informatiebeveiliging
Chapter Lead Security & Reliability
Information Security Risk Analyst
Travel Security & Intelligence
Ethical Hacker
Ethical Hacker
DLP Engineer
Senior Technical Consultant
Business Partner (Cyber Security)
Product Owner Channel Security
Principal Network Security Compliance
Internal Audit Manager
Information Security Expert
Group IT Audit Manager
Information Security Officer
Information Security Architect
Cloud & Security Architect
Non-Financial Risk Officer
Regional Information Security Officer
Cloud Engineer
Domain Expert
Cybersecurity Engineer
Advisor International Cooperation
Cyber Threat Intelligence
Group CISO
Relationship Manager
Solutions Architect IDM/Security
Technical Security Engineer
CISO
CISO Officer
Security Specialist
CISO
Head of Customer Security
Director Of Security
Team Lead Security Process & Tooling
Risk Manager NGDA
Enterprise Security Director - Europe
Information Security Advisor
Risk & Security Analyst
Data Scientist
CISO
Senior Principal Cyber Risk Engineer

Companies

Brenntag Holding
Booking.com
IQ-EQ
Handelsbanken
ABN AMRO
Santen
PwC
NATO Communications and Information Agency (NCIA)
Ministry of Security & Justice Netherlands/Ministerie van Justitie en Veiligheid
Allianz
Heineken
NN Group
Belastingdienst
Belastingdienst
Signify
Euroports
Nippon Seiki Group
ING
Euroports
A.P. Moller - Maersk
Liberty Global
AKBank
ING
Telenet Group
IDEXX
ABN AMRO
Rijkswaterstaat
Van Ameyde Group
Rabobank
BCD Travel
Liberty Global
American Express
FedEx
LeasePlan Corporation
FedEx
EVBox
ING
Remeha
Telenet Group
NN Group
ABN AMRO
FedEx
Transdev
Ericsson
ABN AMRO
Signify
Chubb
Handelsbanken
Signify
Belastingdienst
Signify
NN Group
Tinka
FedEx
NXP Semiconductors
Booking.com
Financial Services Information Sharing and Analysis Center (FS-ISAC)
Building Materials Europe (BME)
American Express
Nationale Nederlanden
NN Group
NIBC Bank
AT&T
FedEx
Americold Logistics
Keller Group plc
Transdev
Booking.com
VNG The Association of Dutch Municipalities
FedEx
FedEx
KPN
Nike
AstraZeneca
Philips
Swift
Akzo Nobel
Knab
Liberty Global
ABN AMRO
Nederlandse Zorgautoriteit
Canon
Ministerie van BZK
ABN AMRO
Allianz
Signify
The Global Fund
World Health Organization
ABN AMRO
Proximus
IKEA Group
ABN AMRO
AT&T
Liberty Global
ABN AMRO
ERIKS
Algemene Pensioen Groep
Schuberg Philis
Yokogawa Engineering
ING
Randstad Group
NN Group
ABN AMRO
ING
NCSC-NL
Signify
Euroports
Ministry of Economic Affairs and Climate Policy - Netherlands
Achmea
Transdev
FD Mediagroep
KLM Royal Dutch Airlines
Politie Nederland
Veiligheidsregio Gelderland-Zuid
Swift
Gala Games
ABN AMRO
LeasePlan Corporation
Ericsson
Belastingdienst
Van Ameyde Group
ABN AMRO
Booking.com
Chubb

Industries

Commercial Chemicals
Travel/Leisure/Hospitality
Banking
Banking
Banking
Pharmaceuticals
Accounting/Auditing
Central Government
Central Government
Insurance
Food/Beverage/Tobacco
Banking
Central Government
Central Government
Manufacturer
Transportation/Shipping
Automobiles/Parts
Banking
Transportation/Shipping
Transportation/Shipping
Telecommunications
Banking
Banking
Telecommunications
Biotechnology
Banking
Central Government
Insurance
Banking
Travel/Leisure/Hospitality
Telecommunications
Banking
Transportation/Shipping
Automobiles/Parts
Transportation/Shipping
Automobiles/Parts
Banking
Manufacturer
Telecommunications
Banking
Banking
Transportation/Shipping
Transportation/Shipping
Hardware
Banking
Manufacturer
Insurance
Banking
Manufacturer
Central Government
Manufacturer
Banking
Banking
Transportation/Shipping
Software/Hardware
Travel/Leisure/Hospitality
Banking
Construction
Banking
Insurance
Banking
Banking
Telecommunications
Transportation/Shipping
Transportation/Shipping
Construction
Transportation/Shipping
Travel/Leisure/Hospitality
Regional Government
Transportation/Shipping
Transportation/Shipping
Telecommunications
Retail
Pharmaceuticals
Electronic/Electrical Equipment
Banking
Commercial Chemicals
Banking
Telecommunications
Banking
Central Government
Electronic/Electrical Equipment
Central Government
Banking
Insurance
Manufacturer
Charity
Charity
Banking
Telecommunications
Retail
Banking
Telecommunications
Telecommunications
Banking
Industrial Engineering
Insurance
Software
Manufacturer
Banking
Consultancy
Banking
Banking
Banking
Association
Manufacturer
Transportation/Shipping
Central Government
Insurance
Transportation/Shipping
Media
Transportation/Shipping
National Law Enforcement
Charity
Banking
Casinos/Gaming
Banking
Automobiles/Parts
Hardware
Central Government
Insurance
Banking
Travel/Leisure/Hospitality
Insurance


Venue

Novotel Amsterdam City

novotel

Location:
Novotel Amsterdam City
Europaboulevard 10, 1083 AD Amsterdam, The Netherlands
Telephone: +31 20 541 11 23

Directions:
Please click here