Every company and every working environment is becoming increasingly digital. This trend has many advantages, including increased efficiency and speed, and has been confirmed by the adoption of working from home at many organisations. The downside of digitisation is that cyber risks are growing. With legislators tightening the requirements in the area of cyber security, businesses are obliged to step up their efforts.
The way many businesses work has changed significantly in recent years. Examples include production lines that are now controlled almost entirely by digital means and administrative processes that are handled using a digital accounting package.
As a result of this wave of digitisation, most businesses have to some extent become IT businesses. This makes them more attractive to criminals, who have not stood idly by: they are eagerly sending phishing emails on a huge scale, leading to ransomware attacks all over the world.
In 2024, the NIS2 Law was introduced in Europe. This stricter and more extensive version of the initial NIS legislation from 2016 aims to beef up businesses’ efforts in the area of cyber security, specifying the approach they must take to their security policy. The scope of businesses and sectors covered by the legislation has been extended: the focus was previously on crucial sectors such as hospitals, banks, energy and the water supply, but NIS2 now also relates to sectors such as food, production and transport.
The NIS2 legislation is managed in Belgium by the Centre for Cybersecurity (CCB). Companies in breach of the legislation may face a range of measures, from advice, instructions, bans, inspections and fines all the way through to the removal of directors from their position.
Both businesses and private individuals will increasingly face digital risks. Alongside current legislation such as GDPR (focusing on data protection and privacy) and NIS and NIS2 (focusing on cyber security), new legislation is being developed all the time to increase resilience to digital risks.
The next piece of legislation to come out is the Cyber Resilience Act, focusing on the products that businesses make. It will seek to ensure that the software in smartphones, for example, is safe.
We advise companies to manage cyber risks optimally, with the help of their broker, by focusing on three aspects:
- Arranging an insurance solution that provides support in the event of incidents and offers a financial safety net.
- Providing training so that employees can spot phishing emails and respond appropriately.
- Holding workshops to prepare for a cyber incident on the basis of a realistic case study and to develop an action plan.