After this training, you will be able to:
- Understand and explain the impact of NIS2 and the Dutch Cybersecurity Act (Cyberbeveiligingswet, CBW) at board level
- Address the explicit responsibility and liability of the board and individual board members
- Position cybersecurity effectively within governance, strategy and risk management
- Assess cyber risks in relation to business continuity and societal impact
- Demonstrably fulfil and steer the duty of care
- Fulfil the board’s role effectively during incidents and crises
- Translate supervision, reporting obligations and compliance requirements into board-level decision-making
- Provide direction on supplier and supply chain risks
- Collaborate effectively with the CISO and the risk, IT and compliance functions without getting lost in operational detail
The NIS2 Directive and the Dutch Cybersecurity Act (Cyberbeveiligingswet, CBW) mark a fundamental shift: cybersecurity is no longer merely an IT matter, but an explicit responsibility of the board.
This training focuses on that new reality. The emphasis is not on technology, but on board-level governance, liability and decision-making under uncertainty.
Participants gain insight into the changing role of the board, the impact of a complex and geopolitical threat landscape, the translation of legislation into governance and strategic choices, and the consequences of insufficient direction, including personal liability.
The training also addresses the board-level aspects of cyber crises: how board members fulfil their role during incidents, how they steer crisis management effectively and how they remain demonstrably in control.
The training is interactive and designed to help board members become demonstrably in control of cybersecurity governance.
This training is intended for:
- Board members and executive leadership, such as CEO, CFO, COO and CIO
- Supervisory board members and non-executive directors
- Senior management with final responsibility for risk and compliance
The training requires no technical prior knowledge and focuses entirely on board-level questions.
Course outline
Introduction and boardroom context
- Why cybersecurity is a boardroom topic
- The changing role of the board and supervision
Impact of NIS2 and the Dutch Cybersecurity Act
- Governance and accountability
- Duty of care and board liability
- Scope and classification of organisations
Threat landscape
- Development of threats, including state actors, cybercrime and supply chain attacks
- Impact on the organisation and society
- Supply chain dependencies and geopolitical forces
Risk management at board level
- Definition of risk: threat × exposure × impact
- Risk appetite and risk tolerance
- Prioritising risks in relation to business objectives
- Governance and responsibilities
Supply chain and duty of care
- Supply chain responsibility as a legal obligation
- Risks related to suppliers and MSP environments
- Contractual and board-level assurance
Incident management and reporting obligations
- NIS2 reporting timelines: 24 hours, 72 hours and final report
- Role of the board during incidents
- Steering the crisis organisation
Crisis management in the boardroom
- Gold-Silver-Bronze model
- Nose in, fingers out principle
- Decision-making under pressure
- Crisis communication
Training information
- Duration: half-day
- Format: in-company
- Learning format: interactive, with discussions, scenarios and boardroom simulations
- Group size: maximum 12 participants
- Language: Dutch, English possible on request
- Prerequisites: no technical prior knowledge required
The training is delivered by experienced professionals with a combination of CISO and board-level experience, practical knowledge of NIS2, the Dutch Cybersecurity Act (Cyberbeveiligingswet, CBW) and governance implementation, and experience in crisis management.