Utrecht – March 3.
As a society, we have become completely dependent on digital infrastructures. From municipalities to hospitals, SMEs to multinationals – without cloud solutions, digital workstations and online collaboration, everything comes to a standstill. But who is really in control of that?
More than half of the Netherlands’ critical digital infrastructure runs on technology from U.S. companies such as Microsoft, Amazon and Google. That’s practical, scalable and innovative. But it also means that our business continuity is in the hands of a few tech giants. And that raises questions:
🔹 What happens if geopolitical tensions lead to restrictions in these services?
🔹 What if a foreign government demands access to sensitive data?
🔹 What if a cyberattack takes down systems and your business is completely dependent on outside parties for recovery?
These are not hypothetical questions. These are real risks facing organizations today. And yet digital sovereignty is often seen as a technical issue. When at its core it is about something very different: control over your own future.
The government now also sees the risks
The cabinet is now investigating whether certain government services need their own sovereign cloud. Secretary of State for Digitalization Zsolt Szabó indicated in the House of Representatives that dependence on U.S. tech companies is a problem: “And research for me simply means that we are moving in that direction.
Experts have long warned that Dutch governments purchase far too many and too uncontrolled digital services from American companies. As a result, sensitive information ends up in the cloud of tech giants such as Amazon, Google and Microsoft, without sufficient consideration of the risks. The Court of Audit previously called this “completely unacceptable.
It is not unrealistic that the US could block access to cloud services in a geopolitical conflict. Szabó warned: ‘This would have a major impact on the whole of the Netherlands and the European Union. Not only for the government, but also for citizens and businesses. Think of office applications that break down, tax returns that can no longer be done, or digital services that grind to a halt.’
The government is now working on a new cloud policy and digitization strategy, but one thing is certain: resilience costs money. It is not feasible – nor necessary – to completely move away from public cloud providers. But a hybrid approach is becoming inevitable.
What does this mean for SMEs? Time to take charge yourself
The government now recognizes the risks and is exploring its options. But what does this mean for entrepreneurs and SMEs? They cannot wait for policies and decisions from above – they need to think about their digital resilience now.
SMEs are often as dependent on large tech companies as the government, but have fewer resources to protect themselves. Especially in this sector, it is crucial to take control of data, IT infrastructure and cybersecurity yourself. The impact of a cyberattack or geopolitical disruption can be disastrous for companies that do not have a plan B.
What can entrepreneurs do?
✅ Understand your dependencies – What cloud providers are you using? What happens if they go down? ✅ Provide hybrid solutions – Combine public cloud with private infrastructure or data centers within the Netherlands. ✅ Take cybersecurity seriously – Don’t wait for NIS2 to force you, but make sure your business is digitally resilient. ✅ Think about continuity – Do you have a Business Continuity Plan? Can you continue working if a cloud service goes down?
SMBs have an opportunity to be proactive and not wait for legislation or geopolitical developments to catch up with them. It’s time to take back the digital reins.
Digital threats: Zero Day is closer than we think
The Netflix series Zero Day impressively shows how vulnerable digital infrastructures are to large-scale cyber attacks. Although the series is fictional, the threats outlined are anything but unrealistic. The scenarios in the series offer a chilling look at what can happen when organizations do not have a sufficient grip on their digital dependencies.
- Cyber attacks as a geopolitical weapon
Zero Day reveals how countries can use cyber attacks as a strategic weapon. What if a geopolitical conflict causes Dutch companies to lose access to critical cloud services? This highlights why complete dependence on foreign cloud providers is a strategic risk. Not only for governments, but also for companies that store all their data in the public cloud.
“Cyber attacks are no longer just an IT problem, but a geopolitical weapon. A disruption of cloud infrastructure can shut down the economy, cripple businesses and disable critical government services.”
- Zero-day exploits: invisible threats already in systems
A recurring theme in the series is the use of zero-day exploits: unknown vulnerabilities in software that can be exploited by hackers before a security update is available. This makes it extra dangerous, as companies often do not discover they have been affected until it is already too late.
“Zero-day exploits show that cyber threats are not always visible. Your IT infrastructure may already contain a vulnerability that is not exploited until a critical moment. That makes it crucial to build in hybrid solutions and additional security layers, so you’re not completely dependent on one platform.”
- Supply chain attacks: you are as strong as the weakest link
In Zero Day, we see how attackers enter indirectly through IT vendors and software partners. This is not fiction: the SolarWinds hack showed how hackers could infect thousands of organizations through one weak link.
“Cyber attacks are not just affecting large companies or governments, but are increasingly coming in through suppliers and IT partners. This means your organization can be vulnerable, even if you think your security is in order. A hybrid IT approach with separate environments and controlled access to data can make all the difference.”
- Ransomware & digital hostages
Zero Day suggests that cyberattacks are designed not only to bring down systems, but also to hold organizations hostage and demand ransoms. In the real world, ransomware is already one of the biggest threats to businesses, with incidents leading to complete business shutdowns and millions of dollars in damages.
“It is not a question of whether you will face a cyber threat, but when. Ransomware attacks are increasing and can completely shut down businesses. Yet many organizations do not have a good Business Continuity Plan. By using hybrid IT solutions and spreading data better, you can minimize the impact of an attack and recover faster.”
- Misinformation & digital manipulation
Another worrying aspect of Zero Day is how hackers not only penetrate systems, but also manipulate data. Suppose financial records or production data are altered undetected – how will you know what is correct?
“Cyber threats go beyond data breaches and system failures. Manipulation of data can be just as dangerous: what if your records or production data are altered without you noticing? Reliable backups and a hybrid IT approach ensure that you always have a secure and verifiable version of your data.”
We are tempted by convenience, but at what cost?
We have become accustomed to the idea that everything can be “in the cloud” and that technology makes our work easier. And it does. But convenience has a downside: it makes us dependent.
Look at the introduction of NIS2, the new European cybersecurity law. In a few months, this law will become a reality and companies will have to demonstrate that they take their digital risks seriously. But how many companies are really already working on this? How many organizations already have a plan in place?
The problem is not that technology is developing too fast. The problem is that we are behind in how we think about it. We still too often take IT for granted, when it should be a strategic choice.
Digital sovereignty is not an ‘either-or’ choice, but a conscious balance
The solution does not lie in a complete break with the public cloud, but neither does it lie in complete dependence. We need to be smarter about our choices. That means:
✅ Look critically at what data you store where – Not all information belongs in the public cloud
✅ Taking control of your digital infrastructure – Is your continuity dependent on a single supplier?
✅ Be prepared for cyber threats – Don’t think: “It won’t happen to us”, but make sure that your company can continue to work, whatever happens.
The question is not whether we will face cyber threats or digital geopolitical shocks, but when. The only real question is: Are we ready?
Perhaps it is time for organizations to be less reactive and proactively define our digital future.
What do you think? Do we see Zero Day as a fictional, entertaining political thriller, or do we draw lessons from it? Will we as SMEs take responsibility and make conscious choices, or will we wait until we are forced to react?
