Cybersecurity Report 2026: What are Belgian companies revealing?

"Like many cybersecurity professionals and CIOs, I look forward every year to what has now become a classic: the report on Proximus NXT’s annual cybersecurity surveyOpens a new window . What makes the report unique is its focus on the Belgian market. Macrotrends are important but, as an organization, you also want to know whether your own situation is consistent with that of other local players. After reading this report, every company – from SME to multinational – will definitely have gained new insights that they can put into practice. These are the three figures that stand out to me this year."

1. One in five Belgian organizations experienced a cybersecurity incident in the past year.

"Every incident is still one too many, but nevertheless, there is a positive trend: five years ago, one in three respondents reported an incident. The fact that an increasing number of companies say that they have rolled out a cybersecurity strategy is definitely a contributory factor here. At the same time, the figures need to be qualified somewhat. From my experience in the field, I’ve noticed that companies are setting the bar higher, these days, for what they classify as a cyber incident. Unfortunately, the number of attacks isn't decreasing either, although they are increasingly targeting specific objectives.

One thing is certain: the higher the level of cybersecurity maturity, the better organizations are able to fend off or neutralize these threats."

Wouter Vandenbussche, Cybersecurity Services Lead at Proximus NXT

2. One in four organizations have adjusted their cybersecurity strategy in response to recent AI developments.

"For the first time, we’ve dedicated a section of our questionnaire specifically to the use of artificial intelligence. While AI has now become fully integrated into our work processes, this does not yet appear to be the case with cyber risk management. It is striking that only a quarter of organizations have implemented an updated policy but, at the same time, this is not unexpected.

It confirms that many companies are finding it difficult to keep up with the rapid pace of development of AI applications from a cybersecurity perspective. However, a policy does not have to be complex. A good place to start is by analyzing how employees use AI. Based on those findings, you can develop a policy and organize internal awareness campaigns."

Wouter Vandenbussche, Cybersecurity Services Lead at Proximus NXT

3. One in three organizations face a shortage of cybersecurity expertise

"The shortage of cybersecurity expertise has decreased compared to our previous survey. At the same time, today’s shortage is less about the number of available candidates and more about having the right skills. As a result, we often see a hybrid approach, in which external IT partners fill in the gaps in knowledge and expertise within the internal organization."

"If I could offer one piece of advice based on this report, it would be to approach cybersecurity from both a top-down and a bottom-up perspective. Because it’s about both the big picture – with an overarching, guiding strategy – and identifying and addressing everyday risks and threats. Both approaches are crucial to developing a successful cybersecurity strategy."