Last year, the Basic Digital Resilience Training was developed for all Dutch central government employees to strengthen digital resilience. The government handles sensitive and confidential information, so secure management is crucial. As cybersecurity threats continue to evolve, the training is continually updated. Why is this training so important? What can employees expect? And what’s new?
Martijn de Hamer, Acting Chief Information Security Officer (CISO) for the Dutch Government, and Jos Rippe, Project Lead for Digital Resilience, explain further: “If you don’t work securely, your work could grind to a halt,” says De Hamer. “Opening an infected email could lock your screen and compromise your data. The aim of this training is to ensure that ministries and organisations can continue working safely and effectively.”
How did the CISO experience the Basic Digital Resilience Training?
De Hamer, who has been CISO at the Ministry of the Interior and Kingdom Relations (BZK) for less than a year, noted the immediate emphasis on digital resilience and training: “As soon as I arrived, I was asked whether I had completed the training.” He had, and found it valuable: “The training takes just 4 hours and is very practical. The content and tone are excellent, focusing on real-life scenarios such as sending emails, drafting documents, or discussing work with colleagues. It’s not about theory or certificates; it’s about fostering safe behaviour among employees.”
So, is digital resilience more than just an IT concern?
“Absolutely,” says De Hamer. “Every employee has a responsibility in this, and everyone plays a vital role, from gathering information from society to how we process data and share it with others. It is our collective responsibility to handle this securely. Leaders must ensure this is prioritised. The Basic Training isn’t just another tool; it’s about raising awareness and driving behavioural change.”
How can leaders drive this change?
De Hamer emphasises, “It is up to leaders to set the right example by being the first to complete the training. This demonstrates its importance. Keep the conversation going. When it becomes a regular topic of discussion, the anxiety around it lessens, and the stigma fades.”
Rippe adds that it is essential to consistently highlight the Basic Digital Resilience Training and its significance during performance reviews and team meetings. “Incorporate it into your onboarding process,” De Hamer continues, “so that new employees are aware of it from day 1.”
Both De Hamer and Rippe stress the importance of creating time and space for employees to undertake the training. De Hamer notes, “This is part of your work, so it should be completed during working hours. Yes, this requires allocating time, which may mean less time for other tasks. But this is important too!”
What is needed to better integrate training and digital resilience into daily work?
De Hamer and Rippe emphasise that this is not a one-off effort. Rippe explains, “To be and remain digitally resilient, we continuously develop the training. Consider this a foundation; organisations have the flexibility to tailor their own programmes to best suit their work and employees. It is crucial that staff complete refresher training annually and obtain updated certification. To streamline this, we’ve introduced a refresher module, reducing training time from 4 hours to approximately 30 minutes.”
De Hamer emphasises the importance of taking action and engaging actively with the training. He underscores the crucial role of leaders: “Share your experiences and lessons learned, even if it involves admitting minor mistakes. Mistakes are inevitable, and learning from them is key to avoiding repetition. However, this process requires a supportive environment to succeed.”
How can organisations ensure there is room for error?
De Hamer explains that the foundation lies in fostering an open, safe working environment: “People must feel comfortable reporting incidents without fear. That’s the first step. Don’t hide mistakes. Instead, report them when something goes wrong.” He emphasises the critical role of leadership: “Instead of reacting with frustration, ask, ‘How can we solve this together?’” De Hamer also encourages viewing the organisation as a learning entity, in which processes are continuously adapted and improved through experience.
How does the new module for leaders contribute?
Rippe highlights that the new module is designed to empower leaders to champion digital resilience within their teams. It addresses practical questions such as: “How do I encourage my team to participate in the training?” and “I’m not an expert in digital resilience. Where can I direct my team’s questions?” The module equips leaders with the tools to inform, facilitate, and guide their departments towards greater digital resilience. In doing so, it ensures that digital resilience is not just a policy but a shared priority embedded in the organisation’s culture.
Interested in the Basic Digital Resilience Training?
The Basic Digital Resilience Training is available to government staff in Dutch via the organisation’s learning portal or the RADIO learning platform.
The training has recently been updated with several improvements. Both the refresher module and the module for leaders are now available on RADIO’s website:
- See the refresher module (Dutch, and login required)
- See the module for leaders (Dutch, and login required)
Questions? Visit the RADIO FAQ page (Dutch, and login required) or email: postbus_digitale_weerbaarheid@minbzk.nl.
