Prepare for cyberattacks – Mandatory cybersecurity training

Cybersecurity training helps executives and IBFs prepare for NIS2-related requirements, understand the business risks of cyberattacks and make more informed decisions.

Prepare for cyberattacks – Mandatory cybersecurity training

Cybersecurity is no longer just an IT issue: it has become a leadership responsibility

In recent years, the way organisations think about cybersecurity has changed significantly. What was once treated mainly as a technical matter is now clearly recognised as a business, financial and reputational risk. A successful ransomware attack, a supplier-related incident or a breach involving sensitive data does not only affect IT systems — it can disrupt the entire operation of a company.

Attackers are constantly refining their methods. AI-powered phishing campaigns, attacks targeting supply chains and ransomware incidents that can paralyse critical business processes now pose a real threat to organisations of all sizes. For companies today, the key issue is how prepared they are to detect, manage and recover from a cyber incident.

The NIS2 Directive and the related Hungarian regulatory framework respond to this shift. Regulators have recognised that cybersecurity cannot remain the sole responsibility of IT departments. Company leaders are expected to take an active role in managing cyber risks, overseeing security measures and ensuring compliance with regulatory requirements.

One important element of the regulation is the regular training of senior executives and the persons responsible for the security of information systems — known in Hungary as IBFs. The framework for this is set out in Decree 17/2025 (VII. 24.) EM under the Hungarian Cybersecurity Act. The aim is not only to support legal compliance, but also to strengthen organisational cyber resilience.

Senior executives and decision-makers are expected to understand the cyber risks affecting their organisation and the business impact of those risks. They need to be aware of their own responsibilities, understand the basic principles of incident management and be able to allocate the necessary resources to security measures.

A business leader does not need to configure firewalls or analyse log files. However, they do need to understand the potential consequences of a multi-day service outage, a data protection incident or the compromise of a critical supplier. Sound decision-making requires the ability to interpret cyber risks from a business perspective, and to provide high-level direction to expert teams and internal processes.

At the same time, the role of IBFs is becoming increasingly complex. A modern information security lead needs to understand the regulatory environment, risk management, the operation of information security management systems and technical protection measures. Incident management, business continuity, monitoring and threat detection are also becoming increasingly important parts of the role.

Experience shows that in many organisations, the biggest challenge is not the lack of technology. More often, difficulties arise from unclear responsibilities and processes, poor decision-making or the underestimation of risks.

Effective protection depends on strong cooperation between management and the IBF. Leaders need to understand the risks, while IBFs need to be able to translate those risks into business language.

The right training programmes can support this cooperation. They help create a shared mindset, improve internal communication and contribute to making cybersecurity an integral part of corporate governance.

Organisations that treat these trainings only as a mandatory requirement may miss a significant opportunity. The real value lies not in obtaining a certificate, but in building more informed decision-making and greater organisational resilience.

Based on these principles, Training360 has developed dedicated training programmes for senior executives and IBFs. These programmes fully cover and meet the legal requirements, while also providing knowledge that can be applied in everyday work. The courses are delivered by experienced cybersecurity experts and auditors, giving participants insight into proven practices. Practical sessions also support the development of skills needed to handle everyday information security tasks more effectively.

Our current training programmes for senior executives and IBFs

Successful companies now treat cybersecurity as a strategic business issue. Prepare for the key challenges with our cybersecurity training programmes, and help your organisation face the future with greater confidence.

Back to the news