Board training · Cyberbeveiligingswet
Two hours that prepare your board for the real crisis
From 15 August 2026 the Dutch Cyberbeveiligingswet makes board members personally accountable — including a mandatory training. We run a realistic cyber incident with your full board, on site or online, and close with an audit-ready certificate for every board member.
- Location
- At your office or online
- Participants
- The full board
- Duration
- 2 hours, one session
- Outcome
- Certificate per board member
- 00:00
Welcome and context
What the Cyberbeveiligingswet asks of you as a board member, and how a cyber incident behaves in its first hours.
- 00:20
The scenario starts
A realistic crisis in your organization unfolds — built from your sector, systems and context, not from a stock script.
- 00:45
Escalation
The pressure rises: customers call, a journalist knows more than you do, the supply chain wants answers. Who decides what?
- 01:05
The reporting-duty moment
The 24-hour clock is running. Together you decide: is this a significant incident, what do we report to the CSIRT, and who signs off?
- 01:25
Deciding under uncertainty
Ransom, communications, legal position, continuity — the trade-offs the board is actually at the table for.
- 01:45
Debrief
What went well, where the gaps in plans and mandates are, and which follow-up actions we record.
- 02:00
Certificate
Every participant receives an audit-ready participation certificate — the evidence for the legal training duty.
What the law asks of your board
The Cyberbeveiligingswet places three duties directly on the board — not on the IT department.
Approve
The board approves the organization's cybersecurity measures and carries the responsibility for them.
Oversee
The board oversees the implementation of those measures — looking away is no longer an option.
Demonstrably train
Board members must complete training to be able to assess cyber risks. When they fall short, they are personally accountable.
Evidence that survives an audit
After the session every board member receives a personal participation certificate: name, role, date, duration and the topics covered — crisis management, the reporting duty and the duty of care. Exactly what you show a regulator or auditor as evidence of the legal training duty. No scores or grades; demonstrable participation.
Working with a consultancy or MSSP? The training is also delivered through partners — they know your environment, we run the exercise and issue the certificate.
Schedule the training for your board
Email us for a date or your questions — you will hear back within one business day. Price on request.
First want to know whether the law applies to you? Take the free Cbw check →