From scope and impact analysis to full compliance — structured, platform-supported, in 12 weeks. Fixed-fee packages instead of hourly billing.
The NIS-2 directive applies to all essential and important entities — typically mid-market companies with more than 50 employees and €10M annual revenue, plus all critical infrastructure operators. Suppliers of these entities are pulled in via the supply-chain clause. Non-compliance can trigger fines up to €10M or 2 % of global annual revenue — plus personal liability for management.
NIS-2 mandates a risk-based approach with ten concrete minimum measures every in-scope organisation must implement.
Cyber-risk assessment methodology and binding security policies for the entire organisation.
Detection, containment, remediation, and reporting processes for security incidents — with clear ownership and timelines.
Continuity plans, backup strategies, recovery procedures — tested, documented, exercise-ready.
Assessment of critical suppliers and service providers, contractual cybersecurity requirements, ongoing monitoring.
Secure-by-design for IT procurement, secure development processes, patch and vulnerability management.
Periodic verification that implemented cybersecurity measures meet their objectives — with measurable indicators.
Mandatory awareness training for all employees, periodically refreshed and demonstrably documented.
Concepts and procedures for encryption of data in transit and at rest, key management, algorithm governance.
Clear access concepts (least privilege), asset inventory, and lifecycle management.
MFA for all privileged and remote access, secured communication channels including in emergency scenarios.
Source: § 30 NIS-2 Implementation and Cybersecurity Reinforcement Act (NIS2UmsuCG), which transposes EU Directive (EU) 2022/2555 into German law.
Three clearly defined packages along your NIS-2 maturity. Transparent fixed fees, no hourly billing.
Structured scoping, gap evaluation, prioritised roadmap.
Full NIS-2 compliance: ISMS build-out, processes, documentation, evidence.
Ongoing NIS-2 compliance, BSI reporting readiness, annual effectiveness review.
Final pricing depends on company size, number of sites, and IT complexity. We define the precise scope in a free initial call.
Four phases over twelve weeks. Each phase with a clear output, management sign-off, and structured handover.
Clarify NIS-2 status, scope, ownership, critical services and processes. Output: stakeholder map and scope document.
Structured evaluation of the ten minimum measures using the Cybervize platform, maturity score, gap analysis, risk assessment.
Prioritised roadmap, effort and cost estimates, management sign-off, implementation plan with ownership.
Execution of prioritised measures, documentation, training, effectiveness measurement, audit preparation.
Schedule a free initial consultation. In 30 minutes we clarify your scope, the next steps, and whether the gap assessment is the right entry point for you.
Comprehensive analysis of your IT security posture with actionable roadmap.
Strategic security leadership at C-level, flexible and cost-effective.
Immediate security expertise for transition phases and critical projects.
Many companies treat NIS2 as a tick-box exercise. But compliance is not the same as resilience. The Cross-Border Cybersecurity Tour #2 in Saarbrücken made it clear: a functioning security operation outweighs any tool collection.
70% of SMEs treat NIS2 as a compliance checkbox. But organizations that see it as a strategic lever can turn regulatory requirements into operational excellence and genuine resilience.
Alexander Busse speaks at the CROSSBORDER CYBERSECURITY TOUR #2 in Saarbrücken on how NIS2 compliance can drive operational excellence. Why 70% of SMEs misjudge the regulation – and how to turn it into a genuine competitive advantage.