NIS2 is not an incantation. It's a buzzword. But it's also the law.

We can’t solve all the world’s problems for you, but we can help you with what we are experts in. Confused by your obligations under the NIS2 Act? Leave it to us. We’ll guide you through the jungle as best we can – clearly, practically and without unnecessary panic.

Whether you’re a city, a small business or a corporation, NIS2 can hit you harder than your morning batch of emails. And no, it’s not enough to have antivirus and a password of “1234”. You won’t get off that easy. The new cybersecurity law brings obligations that aren’t worth ignoring – whether for fines or reputation.

What do we offer at BOIT Cyber Security?

Phishing tests

We simulate real attacks so you know who’s ready – and more importantly, who’s not.

Recommended frequency: 1-2 times a year

Penetration tests

Let’s see where your weaknesses are, the way an attacker would, but without the damage.

Recommended frequency: once a year or after each major system change

Employee training

From basic awareness to CISO Academy. Online and face-to-face, interactive and without falling asleep.

Recommended frequency: at least once a year, plus when new employees start

Vulnerability scans

We regularly look for holes in your shields so that you are always one step ahead of your attackers.

Recommended frequency: monthly or quarterly

Lower regime ≠ no worries

…because the attacker doesn’t care that you’re “just” a small business.

Even if your organisation falls under the lower duty regime, it certainly doesn’t mean you can rely on luck and a firewall from 2009. While the law “only recommends” some things, the reality of cyber threats is uncompromising.

What is “only recommended” but you should definitely do anyway:

Area | Obligation in the lower regime | Why do it anyway?
Phishing tests | 🔄 Recommended | People are clicking where they shouldn’t. And the attackers know it.
Penetration tests | 🔄 Recommended | You’ll discover weaknesses before someone else does.
Vulnerability scans | 🔄 Recommended | Regular monitoring = fast response.
Employee training | 🔄 Recommended | The biggest risk sits at the keyboard.
Business Continuity Plan | 🔄 Recommended | When it crashes, you need to know what to do.
Internal audits and testing | 🔄 Recommended | No control, no certainty.
Security documentation | ✅ Compulsory (in basic scope) | But the better, the more peace of mind.

Why address this without a legal obligation?

  • The attacker doesn’t read the ordinances. He doesn’t care if you’re in the lower or higher regime.
  • Your customers and partners choose by trust. It is hard to build, but very easy to lose.
  • Prevention is cheaper than a fine. And definitely cheaper than a service outage or data leak.

nZKB: Practical guide for companies and institutions

Want to be clear about who NIS2 applies to, what exactly the “lower” and “higher” regimes mean, and what you need to (or should) address? We’ve put together a handy e-book that explains it to you in a human, clear way and without unnecessary legalese.

✅ Who falls under regulation
✅ What are the new obligations
✅ What to do today, tomorrow and next month
✅ The most common myths and mistakes
✅ And most importantly: how to prepare in peace

NIS2 is not a bogeyman. But ignoring it is like leaving the door open and hoping the thief is on vacation.

Want to take it easy? Let us know. We can help you with preparation, implementation and training. And most importantly, with sleeping well.
