Since the introduction of the NIS2 legislation in October last year, 1224 organisations from critical sectors have already registered with the Centre for Cybersecurity Belgium (CCB). During this period, the number of reports of cyber incidents increased by 50%.
Cybercrime is set to explode in the coming years. The new European Network and Information Security Directive (NIS2) aims to improve the cyber security and resilience of essential and key services in well-defined sectors in the EU.
Pioneering role
Belgium was the first European member state to fully implement the new NIS2 directive. Meanwhile, half of the EU member states still need to transpose it into national law
Belgian organisations covered by NIS2 still have until 18 March 2025 to register on the website atwork.safeonweb.be on a mandatory basis and implement security measures
Who has already registered today
About 1224 organisations from critical sectors such as energy, transport, healthcare, digital infrastructure, government, manufacturing, etc. have already registered today. Thus, more than half of the organisations under the scope of the NIS2 Act are yet to register
In the last quarter of 2024, the CCB received 116 reports of cyber incidents. By comparison, the same period last year saw 74 incidents. That is an increase of more than 50 per cent since it became mandatory to report incidents
"These results are in line with our expectations and contribute to a better threat picture," said Miguel De Bruycker, director general of the Centre for Cybersecurity Belgium. "We expect the number of NIS2 organisations' registrations and reports of cyber incidents or threats to increase further by 18 March. Organisations in our country are working hard to take their cyber security to the next level."
A registered organisation is worth 2
Not only NIS2 organisations can register, registration also offers many benefits for all other organisations. Registered organisations get free access to the following services:
- Cyber Threat Alerts: helps organisations investigate and mitigate potential cyber threats on their network by receiving notifications about vulnerabilities and infections.
- Quick Scan Report: organisations receive a report that provides an overview of security weaknesses and opportunities for improvement.
- Self-assessment: a short questionnaire to identify weaknesses and receive targeted recommendations.
- Policy templates: ready-made cybersecurity policies.
International recognition
At the Cybersecurity Conference in Bucharest, Romania decided to enter into a partnership with Belgium. Ireland is also taking steps in this direction. With this partnership, the CyberFundamentals (CyFun®) framework can submitted to the European Cooperation for Accreditation (EA) for wider international recognition. It offers benefits for international companies, as certificates will be automatically recognised in all participating countries. More countries are expected to follow the example of Romania and Ireland.