VDL Groep back in business after cyber attack
The head office of VDL Groep in Eindhoven.

VDL Groep back in business after cyber attack

8 November 2021
After VDL Groep itself announced on Thursday, 7 October that it was the target of a cyber attack, the industrial family business with head office in Eindhoven announced today that its 105 operating companies are almost completely in business. By restoring ‘clean’ data from the timely secured backup environment, locally digitally safe environments have been created and all VDL companies have been able to continue to recover their production activities. Thanks to adequate action by our employees, the damage was limited to a maximum of one day’s worth of data loss.

During the monitoring of the VDL networks, deviating activities were identified on Wednesday, 6 October as a result of matters beyond their own control. Thanks to adequate detection, the cyber attacks script came into effect, and all of VDL’s IT systems were immediately disconnected and isolated from the outside world. It is crucial that the backup environment prior to the attack is secured. By disconnecting the systems, the digital attack was halted with the aim of preventing any damage to employees, customers, suppliers and other partners. VDL Groep therefore shut down the networks of the 105 operating companies independently and as a preventive measure immediately after the cyber attack was detected.

President and CEO Willem van der Leegte: ‘Immediately after the attack, a crisis team was formed at the highest level and our own IT department was scaled up with recognised specialists in the field of cyber crime. We have made adequate contact with authorities in this area and at an early stage and as a preventive measure, we reported to the police and reported to the Dutch Data Protection Authority. For security reasons, decentralised systems have been built immediately offline and we have started rebuilding our IT environment. Subsequently, data from our own, “clean” and timely secured backups was restored. Providing decentralised customisation for our 105 separate operating companies is an intensive and time-consuming job.’

Substantial investment programme

In recent years, VDL Groep has followed a substantial investment programme in the field of digitisation, with cyber security being an important part of this. In the meantime, VDL has continuously passed audits and checks by customers and specialists with associated certificates and we have also continuously tested ourselves, also by training employees to make ourselves even more aware of the pitfalls that can lead to a cyber attack.

Our recent experience with the cyber attack has shown that cyber crime has grown into a mature industry, which will continue to benefit from vulnerabilities. VDL continues to raise its ‘dikes’ and also further intensifies the ‘monitoring’ thereof. Although levels of the systems to be secured are being scaled up to an absolute ceiling, we are not under the illusion that a hack can always be ruled out.

Brainport Cyber Resilience Centre
For VDL, cyber resilience is crucial for the continuous strengthening of the innovative manufacturing industry in the Netherlands, all the more so because this sector develops and produces in joint chains. Partly for this reason, VDL is one of the founders of the Brainport Cyber Resilience Centre (CWB). Through this foundation, affiliated companies learn what measures are needed to limit the risks of a cyber attack and what they can do to be as well prepared as possible to overcome an attack. The lines between the participants are short; they ask each other for advice. Affiliated companies receive threat information from the National Cyber Security Centre via the CWB.

Willem van der Leegte: ‘We have received a lot of understanding and support for the fact that, in the eye of the storm, we have prioritised resolving the issue. In addition, we do believe that cybercrime is a socially underexposed theme and that the issue should receive the broad attention it deserves. We will certainly contribute to that debate. We have experienced the overwhelming supportive reactions and the help offered from the region and from home and abroad as heartwarming. We would like to thank everyone for that.’ 

Economic damage

Director Inge Bryan of cyber security company Fox-IT, who assists VDL Groep: ‘Cybercrime now involves an organised and professional industry. The latest estimate of the economic damage as a result of cybercrime amounts to no less than 10 billion euros per year for the Netherlands alone, and this has only increased due to corona. Working from home has made it easier for hackers to penetrate companies’ systems. In that sense, one pandemic has facilitated the next pandemic.’

To give you an idea of the developments around the threat of cyber attacks, cybersecurity solutions provider Check Point Research (CPR) reports there will be 40% more cyber attacks on organisations worldwide in 2021 than a year ago. In September 2021, the average weekly number of attacks against organisations peaked, with more than 870 attacks. That is more than double the number of attacks in March 2020. In the Netherlands, 446 organisations are affected every week, an increase of no less than 86% compared to last year. According to CPR, the most significant explanations for this are the large number of homeworkers and the fact that many new technologies are being implemented in the Netherlands.


The investigation into the background to and the consequences of the cyber attack on VDL Groep’s systems has not yet been fully completed. The impact of the exact costs associated with the attack will be determined during the first quarter of 2022. To not increase future attempts at cyber attacks, no further information is provided regarding the recent hack at VDL Groep. The current and future IT architecture will also not be explained further.

Back to overview