Cyberattacks in the cultural sector in the Netherlands: what institutions need to know

Known cyber incidents in the Netherlands and internationally 

Some publicly known examples show how big the problem is: 

• Pathé (Netherlands, 2018) – CEO fraud: Dutch management transferred over €19 million to criminals posing as the French headquarters. 
  Source: NOS 
• Utrechts Archief (Netherlands, 2021) – ransomware: server with about 7 million digital heritage files temporarily unavailable. Damage from the hack amounts to tens of thousands of euros. Source: AD 
• British Library (United Kingdom, 2023) – ransomware attack by hacker group Rhysida: 20 bitcoin ransom demanded (approximately £600,000 at the time). The library refused to pay, after which the hacker group leaked 600 GB of data and systems were down for months. Source: InnovationNewsNetwork  
• Gallery Systems (international, 2023) – software provider for museums affected, hundreds of cultural organizations worldwide impacted. 
  Source: PCMag, The New York Times 
• Ticketmaster (international, 2024) – data of hundreds of millions of users stolen. 
  Source: NOS 
• Museum Uffizi (Florence, Italy, 2026) – Hackers infiltrated the museum's computer network and gained access to access codes, passwords, alarm systems, and floor plans. They also stole the online archive, causing parts of collections to be lost. Source: NU 

These incidents show that Dutch institutions are part of a global pattern of cyberattacks. They often occur via phishing, ransomware or data breaches, sometimes through suppliers or software partners. 

The problem we don't see 

Many cyberattacks remain unknown. Organizations often do not share these incidents out of fear of reputational damage, legal consequences, or loss of trust. This makes it seem as though the problem is small. In reality, much more is happening. 

Teams often know there are risks but do not always dare to discuss or report them. Employees are sometimes afraid of making mistakes or being held accountable. As a result, problems remain invisible, making it harder to learn from them. 

An open reporting culture within organizations is therefore important. Employees must be able to trust that they will not be punished if they report an incident or mistake. By doing so, organizations can respond faster and limit damage. 

Openness within the sector is also important. By sharing experiences, organizations can learn from each other and become stronger. 

Cybersecurity as a financial and strategic issue 

For executives, it is important to know that cyberattacks come with significant costs: 

• The British Library spent £6–7 million on recovery. Source: InnovationNewsNetwork 
• Globally, organizations paid over $1.1 billion in ransomware ransoms in 2023. Source: Chainalysis. 
• Indirect costs include service disruptions, extra work, and reputational damage. 

Investing in cybersecurity often prevents much greater damage. It is therefore not an IT expense but a strategic tool to protect continuity and financial losses. 

Cybersecurity affects the entire organization 

Cyberattacks impact more than IT. They affect ticket sales, websites, collections, research, and daily work processes. Therefore, cybersecurity must be discussed at all levels, from employees to executives. 

An open culture, training, and clear processes help teams recognize risks and take action without fear of mistakes. 

Practical steps for cultural institutions 

Dutch museums, theaters, festivals, producers, libraries, and archives can improve their digital security by: 

1. Making risks concrete: use examples like Pathé and British Library, including costs and disruptions. 
2. Creating an open culture: employees must dare to ask questions and report mistakes. 
3. Starting with basics: strong passwords, updates, and backups. 
4. Practicing scenarios: what happens in case of system failure or data breach? 
5. Involving executives: explain that investing in cybersecurity can prevent damage and financial loss. 

From invisible problem to collective approach 

The cultural sector is rapidly digitizing. This offers opportunities but also increases vulnerability. 

Known incidents show what can go wrong. But the biggest risk is what we don't see. Cybersecurity is not an extra IT expense but a collective responsibility to keep Dutch archives, theaters (pop) venues and festivals, libraries, and heritage institutions safe and future-proof.