-
Financial administration & outsourcing
Entrepreneurs who outsource financial administration reduce the number of administrative tasks and consequently have more time and space to focus on growth.
-
Financial insight
We help you turn financial data into valuable insights that support you in making well-founded decisions. In-depth analyses of your financial situation will help give you a better idea of where you stand and where the opportunities for growth lie, both in the short and long term.
-
Financial compliance
We make sure your company complies with financial legislation and regulations, with correct financial statements, tax reports and other obligations. From our global network, we support you in managing local and international tax risks.
-
Impact House by Grant Thornton
Building sustainability and social impact. That sounds good. But how do you go about it in the complex world of stakeholders, regulations and frameworks and changing demands from clients and society? How do you deal with important issues such as climate change and biodiversity loss?
-
Business risk services
Minimize risk, maximize predictability, and execution Good insights help you look further ahead and adapt faster. Whether you require outsourced or co-procured internal audit services and expertise to address a specific technology, cyber or regulatory challenge, we provide a turnkey and reliable solution.
-
Cyber risk services
What should I be doing first if my data has been kidnapped? Have I taken the right precautions for protecting my data or am I putting too much effort into just one of the risks? And how do I quickly detect intruders on my network? Good questions! We help you to answer these questions.
-
Deal advisory
What will the net proceeds be after the sale? How do I optimise the selling price of my business or the price of one of my business activities?
-
Forensic & integrity services
Do you require a fact finding investigation to help assess irregularities? Is it necessary to ascertain facts for litigation purposes?
-
Valuations
Independent and objective valuations tailored for mergers, acquisitions, and legal matters.
-
Auditing of annual accounts
You are answerable to others, such as shareholders and other stakeholders, with regard to your financial affairs. Financial information must therefore be reliable. What is more, you want to know how far you are progressing towards achieving your goals and what risks may apply.
-
IFRS services
Financial reporting in accordance with IFRS is a complex matter. Nowadays, an increasing number of international companies are becoming aware of the rules. But how do you apply them in practice?
-
ISAE & SOC Reporting
Our ISAE & SOC Reporting services provide independent and objective reports on the design, implementation and operational effectiveness of controls at service organizations.
-
National tax advice
Looking for tax advice in the Netherlands? We help business owners with tailor-made tax advice: from structure and compliance to innovation and sustainability.
-
International tax advice
Plan to do business abroad? Our international tax advice helps you with structure and compliance, as well as offering new opportunities. Strategic, practical, and future-oriented.
-
Private wealth services
Our Private Wealth specialists offer strategic and practical solutions. From tax advice to estate planning and financial scenarios, we make sure you make the right choices today, for tomorrow.
-
Corporate Law
From the general terms and conditions to the legal strategy, these matters need to be watertight. This provides assurance, and therefore peace of mind and room for growth. We will be pro-active and pragmatic in thinking along with you. We always like to look ahead and go the extra mile.
-
Employment Law
What obligations do you have with an employee on sick leave? How do you go about a reorganisation? As an entrepreneur, you want clear answers and practical solutions to your employment law questions. At Grant Thornton, we are there for you with clear advice, from contracts and terms of employment to complex matters such as dismissal or reorganisation.
-
Sustainable legal
At Grant Thornton, we help companies integrate sustainability into their business operations, with sustainable legal at the heart of our approach. We advise on ESG (Environmental, Social, Governance) legislation, and help draft sustainable contracts, implement HR policies, and carry out ESG due diligence in M&A transactions (Mergers and Acquisitions).
-
HR Services
HR is not an aspect of secondary relevance, rather a strategic factor for success. Yet many organisations struggle with issues regarding personnel policy, absenteeism, terms of employment and legislation and regulations.
-
Payroll & wage tax
Payment of salaries is not a simple calculation. Laws and regulations constantly change, and mistakes can quickly cause employees to be dissatisfied or lead to tax risks.
-
Compensation and benefits
The labour market is changing rapidly. Employees want flexibility, a sense of purpose and a good mixture of financial and non-financial benefits.
-
Global mobility services
How can you build and evolve a smart global mobility strategy, with policies and processes addressing the complex challenges of managing an international workforce?
Incidents are becoming more serious and more visible
In the second quarter of 2025, 24 per cent of 4083 surveyed Dutch entrepreneurs and executives in the SME and mid-market segment stated that their organisation had experienced a cyberattack with significant impact. In Q3, this rose to over 30 per cent. In addition to the 30 per cent of companies that have experienced a significant cyberattack, a further 39 per cent reported being affected by attacks with limited impact. This means that nearly 70 per cent of Dutch companies have experienced cyberattacks—a clear sign that the danger is not hypothetical, but real and demonstrating that it truly can happen to any organisation.
Strikingly, the proportion of companies indicating they “do not know” whether they have been attacked remains stable at around 20 per cent. This suggests a lack of monitoring and oversight. Smaller organisations in particular appear vulnerable: they are more often targeted due to limited security capacity, while not always being aware of the severity of the threat.
Threat is recognised, but action is lacking
While in Q2 only 20 per cent of companies expected an increase in cyber threats, this rose to over 31 per cent in Q3. Despite these experiences, 55 per cent of companies believe the threat level will remain roughly the same over the next 12 months. At the same time, the number of organisations that believe the risk will remain unchanged is declining. Perception is shifting, but the translation into action is still missing. External factors such as AI-driven attacks and geopolitical tensions play a role. Hybrid working models also increase the attack surface, especially for SMEs that have not adapted their security to this new reality. Yet the SASI report shows that more than 60 per cent of SME user accounts still do not have Multi-Factor Authentication (MFA) activated. Guest users are often not monitored, which creates additional risks.
Preparedness declines despite increasing threat
In Q2, 64 per cent of companies reported having a comprehensive cybersecurity policy with regular updates and tests. In Q3, this dropped to 54 per cent. The research also shows that 28 per cent of companies rely on basic measures and 25 per cent respond mainly ad hoc to incidents. In 13 per cent of organisations, there is little to no attention paid to cyber resilience. The number of companies that respond ad hoc or have few measures in place is rising slightly. This points to a gap between risk perception and actual resilience. Many SMEs struggle to maintain structured policies due to limited capacity. There appears to be ‘compliance fatigue’ or an underestimation of the necessity. Reactive policy is no longer sufficient: those who wait until something happens are already behind. External analyses show that many SMEs only take action after an incident, leading to higher costs and greater damage.
NIS2: awareness grows, but remains insufficient
The NIS2 directive is receiving increasing attention. In Q3, 35 per cent of respondents were very familiar with the directive and working towards compliance, compared to 24 per cent in Q2. Yet nearly one in five respondents (19 per cent) are barely or not at all familiar. Particularly in sectors without direct supply chain responsibility, the urgency does not yet seem to have fully landed. There is confusion about applicability and obligations, especially for companies indirectly affected by compliance requirements from their clients.
In addition to NIS2, various other regulations require organisations to strengthen their digital compliance. These range from operational resilience in the financial sector (DORA) to stricter rules for AI applications and data sharing (AI Act and Data Act). It is essential for businesses to stay informed about these developments and take timely action to meet the new requirements. Non-compliance may result in fines and reputational damage.
What does this mean for you as an entrepreneur?
The figures show that awareness is growing, but structural action is lagging behind. That is a risk. Cybersecurity is not an IT issue, but a strategic theme. Especially in SMEs and the mid-market, where the impact of an attack is immediately felt, proactive policy is essential.
Would you like to know where your organisation stands?
Contact us for a concrete audit or advisory meeting. Together, we’ll ensure you are resilient against tomorrow’s threats.