The Cyber risk at the heart of all attention

25 years of Cyber threat evolution

• 2007: The rise of malware toolkits quadruples the number of malware in a single year, increasing from 167,000 in 2006 to 710,000 in 2007. By 2010, this number skyrockets to 286 million.
• 2010: The emergence of Stuxnet, the first malware targeting OT networks, marks the entry of cybersecurity into the geopolitical era.
• 2015: 45% of attacks are unknown, escaping traditional databases.
• 2016: Belgium experiences a massive wave of crypto ransomware, a phenomenon that continues to this day.
• 2018: The implementation of the GDPR establishes the first structured regulatory framework for cybersecurity.
• 2020-2021: The COVID-19 pandemic is exploited by cybercriminals through social engineering attacks, particularly affecting the healthcare sector.
• 2022: The war in Ukraine and tensions in the Middle East reveal an undeniable reality: cyber warfare is a strategic component of modern conflicts.
• 2024: The NIS2 directive is transposed into Belgian law with the Cyfun framework from the CCB, marking a new era of compliance and resilience.

A concerning reality

These events have taught us two essential lessons:

1. What seems established is constantly evolving. Nothing is set in stone in cybersecurity.
2. Cybercriminals have become seasoned professionals, motivated by financial gain or state strategies.

However, companies, especially SMEs, are still struggling to integrate cyber risk into their overall strategy. And yet, in 2025, cyber-attacks spare no one, and cyber-resilience has become an imperative.

In an unstable economic environment, cybersecurity investments are often seen as secondary. However, it is precisely a return to fundamentals that enables us to face these threats. In these difficult times for the old continent, NIS2 specifically aims to strengthen the resilience of organizations and the European economy.

Although the directive focuses on critical sectors, it also requires rigorous management of supply chain risks. As a result, every company, whatever its size, must make cybersecurity an integral part of its business model.

An opportunity… and pitfalls to avoid

With the implementation of NIS2, the cybersecurity market risks being flooded with opportunistic offers: miracle solution vendors, underqualified consultants, and alarmist rhetoric. Relying solely on technology is a dangerous illusion.

A true cybersecurity strategy is based on a thorough risk assessment, integrated with corporate governance. It's time for management committees and boards of directors to treat cybersecurity with the same seriousness as other strategic risks.

The InCyber and CyberSec trade shows: two key events

The InCyber trade show in Lille in April and CyberSec at Heysel in May are expected to see a high turnout. For visitors, the challenge will be to distinguish fact from fiction, identify the right partners, and resist the temptation of simplistic solutions.

One piece of advice: take a step back, don’t focus solely on technology, and most importantly, start by assessing your risks.

MCG, your partner in Cyber resilience

At MCG, our constant technological monitoring allows us to guide our clients toward effective and pragmatic cybersecurity, aligned with their business challenges.

We will be present at the InCyber and CyberSec trade shows. At the latter, we'll be delighted to welcome you to our stand and to our conference sessions. Come and talk to us, and find out how to build a robust cybersecurity policy tailored to your organization.