AI adoption is accelerating faster than governance in Belgian organizations

Artificial intelligence is rapidly becoming part of everyday work in Belgian organizations. But while employees are increasingly encouraged to use AI tools, governance frameworks, awareness initiatives and cybersecurity strategies are often lagging behind. That is one of the key conclusions of the seventh edition of the Proximus NXT Cybersecurity Survey, in collaboration with Ipsos, an independent and internationally recognized market research agency, based on telephone interviews with 403 Belgian organizations (10+ employees) in February 2026.

A gap between AI use and cybersecurity readiness

The survey shows that AI is widely allowed and used in day-to-day work, but that policies, awareness and cybersecurity strategies are not keeping pace.

• 81% of organizations indicate that employees are allowed to use AI tools in their daily activities.
• Only 29% have a formal AI policy in place (with strong differences depending on company size).
• Only 37% organize AI awareness campaigns for employees on risks and responsibilities related to AI use.
• Just 26% have adapted their cybersecurity strategy following recent AI developments, primarily to better protect against AI-related threats.

The report also highlights that organizations tend to view AI more as a new risk factor than as a strategic opportunity for cybersecurity, even though AI is increasingly used to help detect threats. Cybersecurity, in turn, helps protect the data and systems AI depends on.

Cyber incidents remain a reality and the impact is often financial

The AI governance gap comes at a time when cybersecurity pressure remains high across Belgian organizations. The survey found that 57% experienced at least one attempted cyberattack over the past year, and 20% reported that this led to a successful cybersecurity incident. Especially in larger organizations.

Social engineering or phishing remains the dominant attack vector with nearly half of organizations (43%) reporting attempts, although only 4% of these attempts result in an actual incident. The consequences are tangible. 59% of incidents resulted in financial costs, and 17% led to employees being temporarily unable to work.

Cyber maturity is progressing, but people and skills remain pressure points

The findings also show progress in how organizations structure cybersecurity: 74% report having a cybersecurity strategy. Yet the presence of a strategy does not automatically mean organizations feel sufficiently protected against evolving threats.

Also the human factor remains a critical factor: employees can be an entry point for attackers if not adequately aware or trained. Yet 37% of organizations still run no cybersecurity awareness campaigns at all. At the same time, 34% report a shortage of internal cybersecurity expertise, increasingly linked to the availability of specialized skills rather than to headcount.

Regulation is tightening: NIS2 awareness is growing, compliance remains limited

As cybersecurity regulation becomes more important, many organizations are still in a preparatory phase. 15% of respondents indicate they fall under NIS2 obligations, but two thirds of those say they are not yet fully compliant.

Cyber resilience is a continuous journey

The Proximus NXT Cybersecurity Survey 2026 shows that Belgian organizations are operating in an environment where cyber threats persist, regulation is becoming stricter, and technologies such as AI are reshaping both risk and opportunity. In this context, cyber resilience is increasingly a strategic responsibility that extends beyond IT.

As AI becomes more deeply embedded in daily operations, aligning AI governance and cybersecurity will be essential to ensure that innovation and protection evolve hand in hand.