What are you looking for?

Improved accessibility mode

SURF strives for a website that is accessible to everyone. We are working on a full accessibility mode.
Hal van hogeschool windesheim waar studenten werken en lopen
News

OZON 2025: what have we learned?

It is clear that practice pays off: with every exercise, organisations improve their crisis escalation processes. More than 90 organisations took part in this year’s sector-wide crisis exercise, OZON. The main areas for improvement lie in information management. The advice is: keep practising.

The fifth edition of the biennial sector-wide crisis exercise for education and research OZON took place in March (also read the report From protest to cyber crisis: this is how realistic an OZON exercise can be). Clearly, institutions learned a great deal. Especially those that have taken part in OZON more than once. With each exercise, organisations take new steps and improve specific parts of their crisis escalation process.

One example is TU/e. Earlier this year, they found that their response to the cyberattack had significantly improved thanks to extensive practice and the fact that the lessons learned from previous exercises had  been acted upon. 

"In a crisis, every second counts. Training ensures that everyone knows their role and no precious time is lost in miscommunication."
Joost de Jong, CISO at TU/e

Structured information sharing remains a key focus

One of the main points for attention from the previous OZON exercise (2023) was the sharing of information between institutions at operational, tactical, and strategic levels. This year, we saw that a great deal of information was exchanged at all levels, which is positive. However, there are still insufficient agreements on how to do this in a structured way. As a result, noise arises, both within and between the different levels.

Maintain multisectoral strategic coordination meetings

In recent years, we have explored what coordination on a strategic level should look like during a crisis. We tested this multisectoral set-up during OZON this year. External experts guided and tested the process.

They recommended retaining this consultation during large-scale cyber crises. But with the note to keep it small, flexible and approachable. It is also important that this body is not used to compensate for shortcomings in information flows elsewhere, and that it should not slow down decision-making.

Team building for cyber crises

You cannot escape it: sooner or later you will be attacked by hackers. What can you do as an institution, and as a director, to prepare for such an emergency? We asked three administrators: Pauline Satter (COG), Jos Vranken (Hotelschool The Hague) and Patrick Groothuis (TU/e).

To the article

Follow-up steps

In the lead-up to the next OZON in 2027, we will explore the best approach to information management during a large-scale cyber crisis: what can we learn from other sectors, such as healthcare or defence?

And: we keep practising. You can do so in March 2026 with your own institution during the tabletop exercise NOZON, the light variant of OZON. Of course, if you want to exercise earlier, you can do so too. In that case, use the NOZON manual. There you will find all the information you need to organise a good exercise. The manual also contains a number of sample scenarios.

Want to participate in NOZON 2026?

Register your institution by 30 November 2025 at the latest!

Experiences from OZON 2025: how do you practice a cyber attack?

Together with two institutions, we look back on OZON 2025. ROC van Twente took part for the second time, while Erasmus University has participated several times before. Both educational organisations look back with satisfaction, not because everything went perfectly, but because OZON consistently provides concrete points for improvement.

Read the article in Dutch

Related topics: