Insights

Field notes on cyber forensics, NIS2, and ransomware response in Belgium

Practical posts for law firms, healthcare, transport, and manufacturing teams navigating EU compliance and incident response.

• The €475,000 Lesson: What Booking.com Got Wrong After Its Breach

  You are not fined for being hacked — you are fined for being unprepared, slow, and unclear. What the Booking.com GDPR case actually teaches.

• When Fitness Meets Failure: Lessons from the Basic-Fit Cyber Incident

  Consumer businesses face high exposure and high reputational risk. Where most struggle is not prevention — it is post-breach chaos.

• The 72-Hour Trap: Why Most Companies Fail GDPR Breach Response

  The 72-hour rule is not about time. It is about preparedness. How to separate investigation from decision-making when it matters.

• Cybersecurity Post-Mortem: The Only Framework That Actually Protects You from Fines

  A real post-mortem is not a technical report. It is a defensible system — timeline, decisions, gaps, regulatory exposure, actionable fixes.

• NIS2 Compliance Checklist for Belgian Mid-Market Organizations (2026)

  The 12 controls Belgian organizations registered under NIS2 should evidence before the 18 April 2026 CCB deadline.

• Ransomware Incident Response in Belgium: A 7-Step Forensic Playbook

  How to triage a double-extortion ransomware incident while preserving defensible evidence for legal counsel and regulators.