1. Offerings
  2. /
  3. Security
  4. /
  5. EXECUTIVE TRAINING (NIS2)

The Cybersecurity Act (NIS2): Training, Incident Exercise and Executive Responsibility

Cybersecurity has become a clear leadership issue. With NIS2, responsibility is no longer indirect or delegated – it is formal, personal and defined by law. Fulfilling that responsibility requires more than policies and reports. It requires understanding, sound judgement and practical training in how leadership should act when it truly matters.

This one-day training is a first step. For organisations ready to move from accountability to execution, it also serves as a natural starting point for our Resilience service, where we work systematically and long term with cybersecurity.

Expression of Interest – Executive Training

Business man explaining a project to his team

When responsibility becomes personal

NIS2 means cybersecurity is no longer just a technical matter. It is a statutory responsibility for executive management and the board. In cases of non-compliance, administrative fines may reach up to two percent of global annual turnover. But the greatest risk is often something else:

  • Business disruption
  • Loss of trust
  • Unclear decision-making in times of crisis

The legislation requires members of management to undergo training on security measures and to demonstrate that they understand their responsibilities.

What the training provides

During one full day, executive management and board members will gain:

  • A clear understanding of the formal responsibilities under NIS2
  • Tools to interpret risks and identify critical assets
  • The ability to set the right expectations within the organisation
  • An understanding of what constitutes “appropriate security measures”

Practical table-top simulation exercise

The training includes a realistic incident simulation in which the leadership team responds to a simulated cyberattack. Participants practise:

  • Decision-making under pressure
  • Communication responsibilities
  • Balancing legal, operational and business priorities
  • Collaboration with the operational security function

The objective is to ensure that responsibility is not only documented, but operationally understood.

After the training, you will be able to

  • Account for executive responsibility under the law
  • Request the right decision-support materials
  • Act in a structured manner during an incident
  • Initiate a risk-based approach that also includes suppliers

Upon completion, you will receive a summary document that can be used for internal follow-up and in the event of regulatory supervision.

PRICE: FROM SEK 168,000

Based on 8–20 participants. Delivered on site or digitally.

Next steps

The training and incident exercise can be delivered as a standalone engagement. For organisations that wish to continue working in a structured and long-term manner with their cybersecurity capabilities, it is possible to build further within our Resilience service.

There, we work systematically with prioritisation, follow-up and implementation, aligned with the NCSC’s 10 cybersecurity capabilities. This is not a requirement. The training itself provides the knowledge and practical exercise required by law.

Related services

M365 Security Assessment

Offering

Read more

DPIA

Offering

Read more

Cyber Security Lifecycle Management

Offering

Read more

We are leading edge •

Contact us

Are you interested in this offer? Please fill out the form below and one of our experts will contact you shortly.

Hidden
Hidden
Samtycke(Required)

Follow us!

We’re happy to share knowledge, experiences, and inspiration. Follow us on LinkedIn or subscribe to our newsletter to get the latest insights—before anyone else.

We are leading edge •

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At Exobe AB, corp. ID no. 556769-5605, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Personalization cookies

In order to provide a better experiance we place cookies for your preferances

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data