07/08/2026 | Press release | Distributed by Public on 07/08/2026 09:46
The rapid growth of artificial intelligence (AI) is increasing the risks of cyberattacks. There is a growing risk of phishing and data breaches. The Autoriteit Persoonsgegevens (AP), the Dutch data protection authority, has issued a warning about this in its annual overview of data breaches in the Netherlands. Organisations must take action now and get their digital security in order, according to the AP. Only in this way can they protect people's data against increasingly sophisticated forms of cybercrime.
The risks come from two directions and reinforce each other, much to the AP's concern. Phishing attacks, which AI enables to become increasingly sophisticated, are both a consequence of data breaches and, increasingly, the cause of them.
On the one hand, AI enables criminals to create and send increasingly realistic fake messages (phishing messages
In the case of phishing, cybercriminals send fake emails, often to email addresses obtained through a data breach. This way, they try to obtain information (such as login details) and use this information for gaining access to a network or system.
) to potential victims more quickly and on a larger scale. Among the ingredients criminals use for these targeted, personalised phishing messages is information they have previously obtained following data breaches. For example, the name and contact details of a potential victim, plus the name of that person's bank or a company of which they are a customer.On the other hand, phishing attacks are not only a consequence of data breaches but are also - increasingly - a cause of them. For example, an email containing a fake link that looks genuine can lead to an organisation's employee's account being taken over, after which a larger cyberattack on the organisation begins.
The AP has observed a sharp rise in this type of 'account takeovers': from 607 in 2024 to 1,742 in 2025 - almost a threefold increase.
Taken together, this risks creating a flywheel effect. Criminals can use AI-generated phishing messages to attempt to steal data more frequently and more quickly. They can then feed the stolen data into AI applications, which in turn use it to create new, 'improved' phishing messages. The criminals then use these to try to defraud individuals or employees, and so on. This creates an ever-stronger interplay between data breaches and cybercrime. That is why it is essential for organisations to bring their digital defences up to standard.
A worrying development in this regard is the availability of ready-made 'phishing kits'. These are complete, digital DIY packages that allow malicious actors to get started without requiring too much technical knowledge. These phishing kits are traded online. The AP explores this in greater depth in its latest data breach report.
'We have recently seen a series of major and far-reaching cyberattacks in the Netherlands. AI threatens to make the risks associated with such data breaches even greater,' warns AP vice chair Monique Verdier.
This year, the House of Representatives of the Netherlands has devoted special attention to the issues surrounding data breaches and cybersecurity in committee debates and meetings. At the invitation of the House of Representatives, the AP has provided further clarification on this matter. The implications of the rise of AI for data breaches and cybersecurity show that society's sense of urgency must not fade for a moment - quite the contrary. Verdier: 'Digital security must absolutely be at the top of the agenda.'
Organisations, too, need to address digital security. The AP provides advice on this in its latest report on data breaches, as well as during ongoing consultations with, amongst others, the business community and the government. These developments show just how closely AI, cybersecurity and the protection of personal data are now intertwined. That is why the AP is committed to ensuring secure and resilient digital services so that people can trust that their personal data is properly protected in the digital world.
The AP now expects directors and management teams - particularly in larger organisations - to treat digital security as a top priority rather than an afterthought. Verdier: 'Digital security is a matter for top management. As a director or chair of the board, you also have a social responsibility towards your customers and your staff. And if you want to look at it from a more business-orientated perspective: the costs you'll face following a hack are many times greater than the investment needed to get your digital affairs in order beforehand. Save yourself the trouble of losing customers because you haven't secured their data properly. In short, don't be the next one to be hacked. Get your security in order now.'
Further information can be found in the AP's latest report on data breaches. A total of 39,407 data breaches were reported to the AP in 2025, compared with 37,839 in 2024. Cyberattacks were the cause of 2,428 of the reported data breaches.