The figures are shocking, but unfortunately not surprising: Research by ABN AMRO and MWM2 among 788 Dutch companies shows that about one in five organisations reported damage after a cyber attack in 2024, with an average damage of €300,000 per incident. This involves not only data breaches or ransomware, but increasingly misuse of accounts, credentials and access rights.

This trend is directly related to the core of Identity & Access Management (IAM). At Joinly, we see daily how vulnerable organisations become if identities and access are not strictly organised — and how quickly damage can occur when this is not in order.

The main cause: misuse of accounts and weak access

Cyber attacks are no longer about hacks or breaches on systems but breaches on accounts, most incidents arise from:

• Accounts without Multi-Factor Authentication

• Excessively broad access rights

• Unused accounts that are still active

• Shared accounts without monitoring

• Incorrect offboarding upon departure or internal change

Criminals don't need complex malware when they can simply gain access via an old account or unsafe login.
And this explains why the average damage per incident is so high:
once inside, you can access everything.

Why this is particularly an issue in the Netherlands

Dutch organisations have relatively quickly embraced cloud systems, SaaS services and hybrid environments. This is positive for flexibility but also increases attack vectors, especially when IAM does not keep pace.

Additionally, many companies have multiple suppliers in the chain who receive (temporary) access to systems. If those accounts are not properly monitored or revoked, they remain a risk.

The main question is not:
"Are we ever interesting to hackers?"
but:
"How many doors are ajar without us knowing?"

IAM is the solution, but it must be structural and automated

IAM is not a project, not an implementation and not a one-time measure. It is a continuous process.
And that's where it often goes wrong.

An organisation can implement MFA, but if former employees still have active accounts, that solves nothing. Identity governance can be set up, but if rights are not automatically withdrawn upon role changes, it remains a patchwork.

What is needed is:

• Automatic onboarding & offboarding

• HR-driven provisioning to ensure identities are always correct

• Automatic withdrawal of rights during changes or departure

• Consistent policy between AD, Entra ID, cloud apps and on-premises systems

• Insight into who has access to what

This must not be done manually, must not rely on IT emails, and must not be scattered across different departments.

How Joinly protects companies from such damages

Joinly automates the entire identity lifecycle management — ensuring the basics are always in order.

With Joinly:

• Accounts are automatically created, modified and deleted based on smart rules.

• Processes are reliable, reproducible and not dependent on manual work.

• No ‘forgotten accounts’ are left behind that can be exploited.

• You can easily enforce strict MFA, Conditional Access and governance rules.

• You can migrate from AD to Entra ID without rebuilding IAM processes.

Every organisation working with Joinly reduces the risk of the most common cyber incidents in one fell swoop.

And that is not a luxury — but an urgent necessity, given the figures.

Conclusion

The reality is: cybercrime is increasing in the Netherlands and costs companies hundreds of thousands euros on average per incident. In almost all cases, identity and access management plays a key role.

By automating and professionalising IAM, you prevent weak access and forgotten accounts from leaving the front door wide open.

With Joinly, we help organisations to make that foundation strong, secure and future-proof so that cybercriminal opportunities are minimised.