From Detection to Control: How Dutch Organizations Are Redefining Endpoint Security for Resilience and Digital Sovereignty

For more than a decade, the global cybersecurity industry has focused on one central goal: detecting compromise faster. But the real issue is not just detection. It is how the endpoint is designed.

EDR, MDR, XDR, threat intelligence, and AI-driven analytics have all been added to increasingly complex security stacks. Organizations keep layering on new tools to respond to new threats. At the same time, ransomware risk continues to grow as Ransomware-as-a-Service makes attacks easier to launch.

This is not because of a lack of expertise. Security leaders are highly capable. The real challenge is a layer we have stopped questioning: the endpoint.

Why the Dutch market cannot ignore this shift

The Netherlands is one of Europe’s most digitalized economies, consistently ranking among the top EU countries for connectivity and digital adoption. This creates clear benefits but also increases exposure.

For example, the threat landscape across the Netherlands continues to intensify. In 2024, at least 121 unique Dutch ransomware incidents took place and one in 5 Dutch companies suffered cyberattack-related harm.

Alongside these risks, regulatory pressure is increasing. The Dutch Cybersecurity Act, which was ratified in April 2026 and implements the European Union (EU) NIS2, places new requirements on governance, accountability and incident reporting. The EU’s Digital Operational Resilience Act (DORA) introduces similar expectations in financial services, requiring these organisations to withstand, respond to, and recover from cyber incidents and IT disruptions.

The message is clear: The Netherlands is not only a digital leader but also a high-value target. Current endpoint models are struggling to keep pace with both threats and regulations.

Why the current model falls short

Modern cybersecurity strategies assume that endpoint compromise will eventually happen. This is largely because endpoints are built as open, flexible platforms that support many different use cases.

This flexibility comes at a cost. It increases complexity and expands the attack surface.

Security teams are now operating in a difficult environment:

• Attackers move faster and automate more effectively
• Complexity grows faster than visibility
• The number of security agents continues to increase
• Recovery remains costly and time consuming

The more complex the endpoint, the harder it becomes to secure and recover. Simply adding more tools will not solve this problem.

The shift toward operational resilience

Across the Netherlands and Europe, cybersecurity strategy is shifting toward operational resilience.

Regulations such as the aforementioned NIS2 and DORA are not only about preventing attacks. They focus on keeping systems running, recovering quickly, and limiting disruption when incidents occur.

This reflects a broader shift in thinking. The next phase of cybersecurity will not be defined by adding more controls on top of complex systems. It will be driven by simplifying the endpoint itself, improving recoverability, and designing resilience from the ground up.

This is where purpose-built endpoint operating systems play a critical role. By replacing general-purpose environments with controlled, immutable endpoints, organizations can drastically reduce complexity and eliminate many common attack paths.

Leading organisations are already moving in this direction. They are simplifying endpoints by adopting immutable operating models, centralized governance, and architectures designed for rapid recovery.

This approach ensures that only explicitly approved applications and services are allowed to run. By removing persistence and reducing dependency on multiple endpoint agents, organizations can contain threats more effectively and recover faster.

At the same time, this shift is redefining digital sovereignty. In the Dutch and wider European context, resilience is about maintaining control. Organizations need to operate independently and meet strict security, governance, and data protection requirements under NIS2 and DORA.

Reducing dependency, exercising control over endpoint operations, and centralising management collectively endorse this objective. These measures serve to enhance both resilience and sovereignty, thereby enabling organisations to operate securely and predictably even under pressure.

Customer example: COIN Availability Services

This transformation is already delivering measurable value.

COIN Availability Services, a specialist in business continuity, ensures that organizations have fully operational disaster recovery workspaces, allowing them to continue working without interruption when their regular locations become unavailable. The company manages a total of 850 disaster recovery workspaces across the Netherlands (200), Luxembourg (600), and Belgium (50). COIN uses IGEL to deliver secure digital workspaces on demand, which can be provisioned quickly and consistently, even during disruption.

Martin Keuzenkamp, CEO, COIN Availability Services, said, “With IGEL, we can quickly and securely provide workspaces for our clients. Thanks to centralized management and the pay-as-you-go model, we are more flexible than ever.”

By shifting to a centralized, immutable endpoint approach, COIN was able to:

• Deliver secure digital workspaces instantly, minimizing downtime
• Centralize management to reduce IT workload and operational cost
• Eliminate local data storage for improved security
• Accelerate recovery through rapid workspace provisioning

From flexibility to control

Forward-looking organisations are redesigning endpoints around a simple principle: run only what is required.

This means only explicitly approved applications and services are allowed to execute. Everything else is blocked by design.

When persistence is reduced:

• The likelihood of compromise decreases
• Lateral movement becomes more difficult
• Disruption is contained more effectively
• Recovery becomes faster and more predictable

Security is no longer defined by how quickly a breach is detected. It is defined by how effectively its impact is controlled and how quickly operations can be restored.

Join the conversation in Amsterdam

This shift in how organizations design and secure endpoints will take center stage at the IGEL Now & Next Workspace & Endpoint Security Summit in Amsterdam on June 3, 2026.

IT and security leaders from across the Netherlands will come together to share practical experiences and lessons learned. The focus will be on what works in real-world environments, with an emphasis on reducing complexity, improving resilience, and regaining control over endpoints.

Sponsors include Omnissa, Nutanix, Nvidia, and UltrArmor. In addition, speakers from COIN, Gilde Educatie, and NIKE will share their experiences and best practices around the modern workplace and BC&DR.

You will also hear how organisations are:

• Preparing for NIS2 and broader EU regulatory requirements, including DORA
• Strengthening digital sovereignty by taking back control of endpoints and data
• Simplifying endpoint environments to reduce risk and operational effort
• Maintaining business continuity during cyber incidents

Register today and join CIOs, CISOs, and IT leaders to explore one critical question:

What does truly resilient endpoint architecture look like in practice within the Dutch market?