NIS2 Boardroom Training

NIS2 Boardroom Training

A cyber incident can be a major disruption - and the NIS2 cybersecurity legislation holds directors and management personally liable for cybersecurity. That is why NIS2 requires your board to undergo cybersecurity training.

De Clercq Lawyers and Bureau Veritas Cybersecurity have developed a one-day NIS2 Boardroom Training aimed at your board. It helps directors and management meet NIS2 training requirements and prepares them for the reality of cyber risks. 

Participants receive a certificate that demonstrates compliance with the NIS2 management training requirement.

The NIS2 Boardroom Training is a collaboration between De Clercq Lawyers and Notary and Bureau Veritas Cybersecurity's cybersecurity experts.

What you will learn:

After the training, your directors and managers will be able to:

• Translate cyber risks into daily practice across all business functions, from social services to supplier contracts and chain dependencies.
• Understand their personal liability as directors when incidents occur.
• Ask IT and security teams critical questions: "How long does recovery take? What's our acceptable data loss?"
• Apply NIS2 reporting requirements; knowing that suspected incidents require initial reporting within 24 hours.
• Decide on strategic security investment and integrate cyber risks into existing Planning & Control cycles.

This reduces incident likelihood and impact. It prevents fines, liability, and reputational damage while embedding security as long-term organizational culture.

Target group: directors

We see that most participants in this training do not have an IT background. They are generally policymakers, department heads, managers, and directors; people who are used to discussions about budgets, legislation, and organizational change. 

Cybersecurity can often feel like "something for IT" or the CISO. Our approach takes this into account by linking cybersecurity to topics that directors are familiar with: risk management, liability, governance, continuity, and reputation.

About our trainers

All trainers - cybersecurity specialists and lawyers - have years of experience teaching directors and explaining complex matters in plain language.

What sets them apart:

• They speak the language of directors: governance, risk, liability, reputation; not technical jargon.
• They challenge directors with questions like: "You say cybersecurity is a priority. When did you last speak to your CISO?"
• They combine knowledge with teaching skills, explaining how malware works and why it matters to directors in minutes.

Program NIS2 Boardroom Training

The training covers one day from 9:00 AM - 4:00 PM at a location of your choice. Alternately, legal and cybersecurity experts provide the modules.

If your CISO is present, you can immediately enter into a dialogue with them. In that case the training will be able to focus on specific issues within your organization. 
 

Module 1: Introduction to NIS2

• What is NIS2?
• Who does NIS2 apply to?
• What does NIS2 mean for organizations and their administrators?
• Timeline of NIS2

Module 2: Governance

• Responsibility of the board and directors
• Liability of the board and directors
• Monitoring

Module 3: Cybersecurity risks

• Cyber crime and cyber risks
• When is information security appropriate from a legal and cybersecurity perspective?

Module 4: Supply chain security

• Importance of cybersecurity in the supply chain
• How do you ensure cyber security in the supply chain?
• Dealing with contractual reporting obligations and audit rights

Module 5: Reporting obligations

• Duty to report significant incidents
• Timeline
• Importance of legal in incidents
• Usefulness and necessity of cybersecurity insurance

Module 6: European certification schemes

In this closing module we will discuss European certification schemes and what these mean for your organization.