Evaluation of the Dutch Defence Cyber Strategy

Hands programming code on a laptop

Photo by scyther5/Getty Images


To be successful in the digital age, defence organisations and national governments need to have the right capabilities to manage the increasing amount of cyber threats globally and within their own nations’ borders. This means ensuring that the right individuals with the right in-depth knowledge are recruited and retained, the best technology and procedures for acquiring these are implemented and the right cyber defence strategies are in place.

The Dutch Ministry of Defence (MoD) is an organisation that is keen to understand and test its own capabilities, particularly its Defence cyber strategy and whether the correct decisions have been made as part of this strategy. A highly effective Defence cyber strategy is vital for national and international organisations in safeguarding and increasing the effectiveness of their defence capabilities and enhancing their own cyber resilience. Evaluating such strategies on a regular basis as part of the policy cycle is important in encouraging defence organisations to remain vigilant against ongoing cyber threats and invest in appropriate assets and knowledge.


In light of this, VKA and RAND Europe have been commissioned by the Dutch MoD to conduct an evaluation of its Defence cyber strategy.

The study aims to:

  • Assess the extent to which a comprehensive and integrated approach has been adopted in the Dutch cyber defence strategy
  • Identify the extent to which each key task within the focal areas of the cyber defence strategy have been implemented effectively since its publication
  • Compare the MoD’s Defence cyber strategy and its investments to other MoDs in comparable countries.


The study will follow three stages in its evaluation approach:

Stage 1: Establishing the performance criteria and standards applicable to the Defence cyber strategy, its Key Performance Indicators (KPIs) and intended outcomes through review of policy documents and a stakeholder workshop.

Stage 2: Data gathering related to the activities and outcomes identified through desk research, interviews and document reviews. In this stage, evidence will be gathered in the Dutch context, as well as in three comparable countries.

Stage 3: Assessing the contributions made by the Defence cyber strategy and its activities in achieving these standards and outcomes through desk research, comparative analysis and a stakeholder workshop.