NIS2 training for directors and supervisors
Prepare your organisation for NIS2
In today's digital world, cybersecurity is no longer an option but a necessity. The NIS2 directive will come into effect in the Netherlands in 2025, imposing stricter cybersecurity requirements and applying to sectors that were previously unregulated in this area. Directors and supervisors will have the legal, direct responsibility to ensure that cyber risks are identified and addressed, and that NIS2 requirements are met.
To make informed decisions and effectively steer their organisation in the field of cybersecurity, directors and supervisors must have sufficient knowledge of the NIS2 directive and the principles of cybersecurity. This NIS2 training provides you with the knowledge and skills needed to tackle these challenges.
Content of the learning program
Online modules
Duration: 1 hour
You will get access to our learning platform. You will complete the following online modules at your own pace:
- Landscape of cybersecurity laws and regulations
- Introduction to NIS2 and CER
- Sectors and criteria
- Scoping your own organisation
- Role of directors and supervisors
- Directors' liability and responsibilities
The online modules cover topics that we will further explore in the classroom session.
We advise you to complete the modules before the classroom session to ensure you can participate optimally.
Classroom session
Duration: 4 hours
We will focus on the practical applications. Guided by our cybersecurity experts, you will translate theory into practice. Together with our experts, you will delve deeper into the following topics:
- Introduction to NIS2 (in combination with CER)
- Governance and risk analysis, measures and management
- Third Party Risk Management
- Personal liability for directors and penalties for organisations
- (Anti-)patterns of good cybersecurity
About this course
- After the training
- For whom?
- Trainers
After the training
- you understand the essence of NIS2 & CER and their impact on your organization;
you are able to perform risk analyses and design appropriate measures;
you know how to integrate risk management into existing governance;
you learn how to manage third-party risks;
you understand administrative liability and governance in cybersecurity.
For whom?
This training is specifically designed for directors and supervisors of organisations, but also available to anyone with affinity with the subject.
The training is at an HBO level.
Trainers
Our trainers are experienced professionals in the field of cybersecurity and risk management. They have extensive knowledge of the NIS2 and CER directives and their application in various sectors.
Date & Location
27 March 2025 | 09:00 – 13:00 | PwC Amsterdam
Costs
The price is 595 euro, including training material, catering/drinks, and certificate. The training is exempt from VAT in connection with our registration with the CRKBO.
For PwC Alumni, a discount of 10% applies. When you register as a PwC Alumnus, please mention in the comments field during registration that you would like to avail the PwC Alumni discount.
Program
The program can be customized for your organization. The following program is for the open training in 2025.
| Time | Subject |
| 09:00 - 09:10 | Introduction |
| 09:10 - 09:25 | Scoping your own organisation |
| 09:25 - 09:40 | Culture and behaviour |
| 09:40 - 09:55 | Break |
| 09:55 - 10:25 | Risk analysis (BIA, threat actors, threat modelling) |
| 10:25 - 10:55 | Appropriate measures & Security Economics |
| 10:55 - 11:25 | Risk management (integration into existing governance) |
| 11:25 - 11:40 | Break |
| 11:40 - 12:00 | Third Party Risk Management |
| 12:00 - 12:15 | Measuring = Knowing = Improving |
| 12:15 - 12:30 | Anti-patterns of good cybersecurity |
| 12:30 - 13:00 | Key takeaways |
*This program is subject to change.
The training will take place with a minimum of 15 participants.
The registration period generally closes two weeks before the training date. Upon receiving your registration, we will send you a confirmation with additional information about the training. The number of seats available per training is limited, so we encourage you to register as soon as possible. If you are unable to attend, you may send a colleague in your place. Please notify us of this change via email at nl_pwc_academy@pwc.com.
PE-Portfolio accountants (AA and RA)
You can include this training course as a learning activity in your PE portfolio. After the training course, you will receive a certificate of participation (number of hours of training included).
PE points register controllers (RC)
At the end of the training course you will receive a certificate of participation from us with the number of hours of training followed. You can register this yourself on the VRC website.
Note: NIS2 requires, in accordance with Article 20 (included in Article 26 of the Cyberbeveiligingswet), that directors and supervisors must undergo training. The Netherlands still needs to determine the specific requirements that this prescribed training must meet. Therefore, the underlying training cannot yet be considered as proof of compliance with the requirement of Article 26.
Inhouse training
If you are interested in this topic and would like to have this training customized for your organization, we would be happy to discuss your learning objectives, case studies, and desired learning outcomes with you. We can also determine the duration, date, and location of the training in consultation with you. Please feel free to contact us to discuss the possibilities.
Contact us
