Fewer than 30% of Belgian firms have AI policy, 25% update cybersecurity
Fewer than 30% of Belgian firms have AI policy, 25% update cybersecurity
Publish Date: 2026-06-01 05:32:00
Source Domain: www.mobileeurope.co.uk
Using an unordered list, summarize the following article with between 4 and 8 key points.
Proximus NXT Cybersecurity found AI approved for use in day-to-day work, but policies, awareness and cybersecurity strategies are not keeping pace – AI seen more as risk than opportunity
According to the Proximus NXT Cybersecurity report 2026, carried out by Ipsos, 81% of organisations allow employees to use AI tools for daily activities. Yet only 29% have a formal AI policy, with strong differences, depending on company’s size.
Only 25% have adapted their cybersecurity strategy accordingly and only 37% organise AI awareness campaigns for employees on the risks and responsibilities related to AI’s use.
The report also highlights how organisations tend to view AI as a new risk factor than as a strategic opportunity for cybersecurity, although AI is increasingly used to help detect threats and protect the data and systems AI depends on.
In short, the report found that Belgian employees are increasingly encouraged to use AI tools, but governance frameworks, awareness initiatives and cybersecurity strategies are often lagging behind. The results were based on telephone interviews with 403 Belgian organisations (of 10 or more employees) in February 2026.
Cybersecurity need urgent attention
As mentioned, only a quarter of respondents said they have adapted their cybersecurity strategy to accommodate AI, that is, primarily, to better protect against AI-related threats. Yet the survey found that 57% of the organisations Ipsos interviewed had experienced at least one attempted cyberattack in the past year and 20% reported the attack(s) had been successful. This was especially the case in larger organisations.
Social engineering or phishing remains the dominant attack type with 43% of the organisations surveyed reporting attempts. Although just 4% resulted in an incident, 59% of those incidents created financial costs and 17% led to employees being temporarily unable to work.
People and skills remain pressure points
The survey found there is progress in how organisations structure cybersecurity with 74% of respondents saying they have a cybersecurity strategy, although this does not necessarily mean that they feel sufficiently well protected against evolving threats.
While employees can be an entry point for attackers if not adequately aware or trained, 37% of organisations do not run cybersecurity awareness campaigns and 34% report a shortage of internal cybersecurity expertise. This is increasingly linked to the lack of availability of specialised skills rather than headcount.
Compliance with the NIS2 Directive is limited
As cybersecurity regulation becomes more important, many organisations are still in a preparatory phase. Only 15% of respondents say they fall under NIS2 Directive obligations, but two-thirds of them say they are not yet fully compliant.
Fabrice De Windt (pictured), Proximus NXT Lead, observes, “AI is entering workplaces faster than most organisations can formalize the rules, awareness and security measures around it. The result is a growing gap between adoption and protection.
“Cyber resilience is no longer a purely IT topic; it is a strategic responsibility. Organizations need an integrated approach that aligns people, processes and technology, with clear governance and cybersecurity choices linked to AI. At Proximus NXT, we believe our role is to help organisations strengthen that foundation in line with their maturity, risk profile and operational reality.”
The report, How resilient are Belgian organizations?, is the seventh annual Proximus NXT Cybersecurity survey and can be downloaded from here.
