Posts Tagged ‘NIS2’
NIS2 Compliance in Practice: Lessons from Belgium’s First Year
NIS2 compliance has long felt like an approaching deadline rather than a lived reality for many organisations across Europe. That is beginning to change. As member states move from transposition to enforcement, the directive is shifting from policy language to operational impact — altering reporting practices, governance expectations, and supply chain dynamics. Belgium offers one…
Read MoreFaster Ransomware Attacks: How to Break the Attack Chain
Faster ransomware attacks are no longer an emerging concern — they are the new baseline. The traditional sequence — initial access, lateral movement, privilege escalation, exploration, and finally encryption — once gave defenders an imperfect but workable window to detect and respond. That window is narrowing. Recent data indicates that attackers are now moving to…
Read MoreCybersecurity as a Competitive Advantage: A European Perspective
Cybersecurity as a competitive advantage is not how most European businesses frame the conversation — at least not yet. The dominant framing is resilience and regulatory compliance: NIS2, GDPR, DORA, and sector-specific obligations that have raised the bar for governance, incident response, and supply chain oversight. At the same time, geopolitical volatility and economic pressure…
Read MoreApril 2026 Cybersecurity Round-Up: Ransomware, Breaches & Critical CVEs
This April 2026 Cybersecurity Round-Up covers incidents affecting everything from political organisations and public infrastructure to consumer platforms at scale. While the targets varied, a consistent pattern emerged: attackers are increasingly targeting organisations that aggregate users, sit upstream in shared systems, or serve as access nodes across broader environments. Here is a breakdown of the…
Read MoreNIS2 personal liability for German boards is now live
NIS2 personal liability is now a binding reality for German management boards. Section 38 of the amended BSI Act (BSIG) establishes a personal, non-delegable responsibility for cyber risk at board and executive level — a responsibility that came into force without a transition period on 6 December 2025. Insufficient oversight, inadequate governance, or a board…
Read More
