Well, espionage has a long history, and generally wasn't treated as cause for war. I don't think that China's aim here was to destroy Dutch infrastructure -- I mean, okay, maybe to set things up to do so in an actual war -- but rather to do espionage against the Netherlands at large scale.
Also, governments generally don't disclose -- in the near term -- that online activity was done by them. And a random group of people in Russia doing something that is indistinguishable from the Kremlin do it has potential to start wars.
Also, possible for one government to pretend to be another.
Lastly, I think that there's just an enforcement problem associated with stopping cyberattacks by trying to figure out the responsible party is and slugging them hard enough to try to deter it. Like, I think that a better route would be just making computers and networks more secure. We aren't there today, that's for sure. But, we improve, too. I mean, in the late '90s, I remember pretty much all computer protocols being unencrypted plaintext. I can imagine us having computer systems and practices that are more-resistant to attack.