The cyberattack that cost Antwerp nearly 100 million euros continues to haunt the digitization-focused Belgian city, even six months after the event. The incident’s aftermath persists, painting a grim picture of cybersecurity neglect and its far-reaching consequences.
Hop onto the city’s official website and you’ll find a dedicated section on the cyberattack. Updated weekly, it serves as a sobering chronicle of the city’s ongoing struggles. These range from minor nuisances to significant setbacks in processing environmental permit applications.
The city has yet to fully grasp which personal data has been compromised, prompting alerts about potential phishing and identity fraud. The Flemish government had to step in with emergency measures to prevent administrative snafus and stave off deadline breaches.
The High Cost of Neglected Cybersecurity
The hefty price of the attack, the brainchild of hacker collective Play, has been eye-wateringly high. Restoring services – getting “the crashed car back on the road,” as Mayor Bart De Wever aptly described it – necessitated the allocation of 11 million euros. This was funds earmarked for cybersecurity investment in 2021, following several unfavorable audits highlighting a shortfall in digital security provisions.
Now, the city is staring down the barrel of an 84-million-euro outlay for ‘cyber program 3.0’, while it was only aiming to deploy program 1.0 pre-hack. A bulk of this (48 million euros) is earmarked for bolstering cybersecurity, with an additional 36 million euros to hire extra personnel and IT consultants.
The Fiscal Fallout
The city had penciled in a review of its savings for the summer, but the cyberattack upended these plans, pushing the appraisal to the fall. As Green council member Niel Staes grimly observed, this has resulted in a ‘financial bloodletting’. His worry? Yet another stringent budgeting exercise. Meanwhile, Digipolis, which handles digital services, can only channel 64 million euros within the existing multi-year plan up to 2025.
Mayor De Wever, while acknowledging the city’s ample investment in traditional security measures, highlighted the new, insidious threats lurking in cyberspace. Budget Minister Koen Kennis earlier estimated the attack’s cost at 70 million euros, surpassing the combined expenditure for COVID-19 and accommodating Ukrainian refugees.
In the end, Antwerp’s ordeal underscores a crucial lesson for all cities and organizations moving towards digitization – cybersecurity is not an area to skimp on. It’s a matter of when, not if, cyber threats will strike.