Get NIS2 Compliant — Without the Guesswork
We've helped organizations across the Benelux tackle NIS2 head-on. Pick the modules you need, move at your own speed, and work directly with senior practitioners who've been in the CISO chair themselves.
Why NIS2 Matters Now
NIS2 isn't just another regulation to file away. It comes with real fines, personal liability for directors, and strict reporting deadlines. Here's what's changed.
Far More Organizations Are In Scope
NIS2 covers 18 sectors and over 160,000 entities across the EU. If you haven't been regulated before, there's a good chance you are now.
Directors Are Personally On the Hook
This isn't just an IT problem anymore. C-suite and board members can be held personally liable — including management bans in severe cases.
Your Suppliers Are Your Responsibility
NIS2 requires you to assess and manage cybersecurity risks across your supply chain. If a supplier causes a breach, you're still accountable.
24-Hour Incident Reporting
When something goes wrong, you have 24 hours for an early warning and 72 hours for a full notification. That only works if you've planned ahead.
7 Modules — Take What You Need
Everything is modular. Start with a scoping assessment, layer on services as you go, or jump straight to a full package. Your call.
Scoping & Classification
Find out where you stand: are you Essential or Important under NIS2? We'll map your obligations and give you a clear, prioritised action plan.
CyFun Gap Analysis
We measure where you are today against the CyberFundamentals framework — Basic, Important, or Essential level — and show you exactly what needs fixing.
Board & Management Training
NIS2 requires your directors and executives to understand their obligations — including personal liability. We run focused workshops that get your leadership up to speed.
CyFun Implementation
We build and deploy the policies, procedures, and technical controls you need to close your CyFun gaps — not just on paper, but in practice.
Incident Response & Reporting
When a breach happens, you need a plan that actually works. We build yours using our FlexibleIR methodology — complete with playbooks and hands-on tabletop exercises.
Supply Chain Risk Management
Your vendors are part of your attack surface. We help you assess, score, and track cybersecurity risks across your supplier base with a structured programme.
Certification Preparation
Ready to get certified? We prepare you for CyFun verification or ISO 27001 — from evidence gathering to mock audits to sitting with you on audit day.
Packages That Make It Simple
Not sure where to begin? Pick a package that matches your timeline and budget. Each one bundles modules so you don't have to piece things together yourself. All prices are approximate and subject to change based on your organization's individual circumstances.
QuickStart
- NIS2 scoping & classification (M1)
- CyFun gap analysis (M2)
- Prioritised compliance roadmap
- Executive summary briefing
Essentials
- Everything in QuickStart
- Board & management training (M3)
- CyFun implementation support (M4)
- Policy suite & control deployment
- Compliance evidence package
Complete
- All 7 modules (M1 – M7)
- Full CyFun implementation
- ISO 27001 fast-track option
- Supply chain risk programme
- Certification audit support
Retainer
- Continuous compliance monitoring
- CISOaaS integration (15–20% off)
- Quarterly maturity reviews
- Regulatory change tracking
- Priority incident support
Why Cubic Consulting
We're practitioners first. You get senior expertise without the overhead — and at a price that actually works for mid-market and SME budgets.
30+ Years in the CISO Chair
Our team has led security programmes at Fortune 500 companies and responded to major incidents firsthand. We've lived what we're advising you on.
30–50% Below Big Four Rates
Same calibre of expertise, far less overhead. You work directly with senior consultants — no layers of junior analysts in between.
Multilingual & Benelux-Based
We deliver in English, French, German, and Luxembourgish. That matters when you're dealing with Belgian regional complexity or cross-border operations.
Modular by Design
Start with one module, add more when you're ready. Every service works on its own or fits into a full compliance programme — no lock-in.
FlexibleIR Methodology
Our "digital GYM" approach to incident response means regular, realistic exercises — so your team builds actual muscle memory, not just paper plans.
Let's Figure Out Where You Stand
Book a free 30-minute call. We'll walk through your NIS2 obligations, estimate how far you are from compliance, and map out your next steps. No pitch, no pressure.
Book Your Free Assessment