Largest cyber security operation ever in Belgium: 2410 organizations from critical sectors take action

Cybercrime is set to explode in the coming years. The new European Network and Information Security Directive (NIS2) aims to improve the cybersecurity and resilience of essential and key services in well-defined sectors in the EU.

Belgium was the first European member state to fully implement the new NIS2 directive. Belgian organizations covered by the NIS2 legislation have until tomorrow to register on the website atwork.safeonweb.be on a mandatory basis and are currently taking the necessary security measures such as protection against cyber attacks and data breaches.

Who has already registered today

A total of more than 4500 organizations from all sectors have registered. As many as 2410 NIS2 organisations from critical sectors such as energy, transport, healthcare, digital infrastructure, government, manufacturing, etc. have registered today. 

An estimate based on figures from the FPS Economy, brings us to a total of around 2,500 organisations that are in scope of NIS2. We can therefore say that the vast majority have put themselves in line in time by registering.

"We expect that the number of NIS2 organizations' registrations and reports of cyber incidents or threats will continue to increase in the coming months and later stabilize. The relevant organizations in our country are working hard to take their cyber security to the next level." Miguel De Bruycker, director general of the Center for Cybersecurity Belgium (CCB).

Incident reporting increases

Over the past 18 months, the CCB received a total of 556 reports of cyber incidents.  From August 2023 through September 2024, we received an average of 25 reports per month. Since the introduction of the NIS2 legislation last year, there were 226 incidents, an average of 45 per month. 80% more compared to the period before. Incident reporting has increased due to the implementation of the NIS2 legislation. There are no indications that there are effectively more cyber attacks on Belgian organizations.

"We find that organizations used to not know their way around or didn't feel it necessary to report incidents," Miguel De Bruycker points out. "There was underreporting in the past. The number of significant reports by itself has not increased."

A registered organization is worth 2

Not only NIS2 organizations can register, for all other organizations registration with Safeonweb@Work also offers many benefits.

"In February 2025, we faced a cyber attack and, thanks to our registration, we were able to count on a quick and efficient intervention by the CCB.  Its usefulness has since been proven. The additional services also come in handy ", states Dirk Declerck, CEO Port of Ostend.

Registered organizations get free access to the following services:

• Priority: After your registration we have some basic information. If we have noticed a vulnerable system on a domain name or IP address that is registered, we can alert your organization very quickly. However, NIS2 organizations are given priority over other organizations.
• Cyber Threat Alerts: Helps organizations investigate and mitigate potential cyber threats on their network by receiving structural notifications of vulnerabilities and infections.
• Quick Scan Report: Organizations receive a report that provides an overview of security weaknesses and opportunities for improvement.
• Self-assessment: a short questionnaire to identify weaknesses and receive targeted recommendations
• Policy templates: ready-to-use cybersecurity policies.