simler

Board training · Cyberbeveiligingswet

Two hours that prepare your board for the real crisis

From 15 August 2026 the Dutch Cyberbeveiligingswet makes board members personally accountable — including a mandatory training. We run a realistic cyber incident with your full board, on site or online, and close with an audit-ready certificate for every board member.

Schedule the trainingPrice on request · info@simler.ai
Location
At your office or online
Participants
The full board
Duration
2 hours, one session
Outcome
Certificate per board member
Agenda120 minutes · boardroom
  1. 00:00

    Welcome and context

    What the Cyberbeveiligingswet asks of you as a board member, and how a cyber incident behaves in its first hours.

  2. 00:20

    The scenario starts

    A realistic crisis in your organization unfolds — built from your sector, systems and context, not from a stock script.

  3. 00:45

    Escalation

    The pressure rises: customers call, a journalist knows more than you do, the supply chain wants answers. Who decides what?

  4. 01:05

    The reporting-duty moment

    The 24-hour clock is running. Together you decide: is this a significant incident, what do we report to the CSIRT, and who signs off?

  5. 01:25

    Deciding under uncertainty

    Ransom, communications, legal position, continuity — the trade-offs the board is actually at the table for.

  6. 01:45

    Debrief

    What went well, where the gaps in plans and mandates are, and which follow-up actions we record.

  7. 02:00

    Certificate

    Every participant receives an audit-ready participation certificate — the evidence for the legal training duty.

What the law asks of your board

The Cyberbeveiligingswet places three duties directly on the board — not on the IT department.

Approve

The board approves the organization's cybersecurity measures and carries the responsibility for them.

Oversee

The board oversees the implementation of those measures — looking away is no longer an option.

Demonstrably train

Board members must complete training to be able to assess cyber risks. When they fall short, they are personally accountable.

Evidence that survives an audit

After the session every board member receives a personal participation certificate: name, role, date, duration and the topics covered — crisis management, the reporting duty and the duty of care. Exactly what you show a regulator or auditor as evidence of the legal training duty. No scores or grades; demonstrable participation.

Working with a consultancy or MSSP? The training is also delivered through partners — they know your environment, we run the exercise and issue the certificate.

Schedule the training for your board

Email us for a date or your questions — you will hear back within one business day. Price on request.

First want to know whether the law applies to you? Take the free Cbw check →