More than half of Belgian companies do not use the most basic cybersecurity measure, according to a survey by the Centre for Cybersecurity Belgium (CCB).
Despite growing cyber threats, the CCB survey found that most companies still don't use a two-step (2FA) or multiple-step (MFA) verification process, where two or more pieces of information are required to prove a person's identity when logging in to an online account.
The news comes just days after the telecom operator, Orange, announced that it was the victim of a cyber attack where the private data of thousands of its Belgian customers was hacked.
The survey data was particularly "striking" as while only 46.4% of the surveyed companies implemented a 2FA, around 70% of them considered it "quite likely to very likely" that they would be targeted by cybercriminals in the near future.
"These figures and the number of incidents are very worrying," said Managing Director of the CCB, Miguel De Bruycker. "In about half of our incident response interventions, we find that 2FA or MFA is not used or only partially used."
According to the CCB, every day at least one Belgian company falls victim to a cyberattack, often due to phishing scams or the lack of proper authentication measures.
"2FA is not a guarantee, but it makes a huge difference. Over 80% of current incidents could have been prevented with the correct implementation of this single, essential measure," the CCB explained in a statement to the press.
The cybersecurity centre calls for companies to upgrade their security by implementing a 2FA, underscoring that this change is typically not complex or expensive.
"In a digital environment where password hacking is considered a real threat by 58% of companies, 2FA should be an absolute minimum measure," De Bruycker concluded.
The CCB study was conducted in July 2025 and included data from 250 companies in Belgium.
