This blog is a preview of our session at Sirus Connects on October 9, 2026, where we bridge the gap between cybersecurity theory and practice, with concrete guidance for your IT landscape.
Speaker:
According to 2025 figures from the CCB, no fewer than 70% of Belgian companies consider it somewhat to very likely that they will soon become the target of cybercriminals, yet fewer than half have taken the basic steps to protect themselves adequately. Turning theory into practice clearly remains a major challenge.
There’s no getting around it anymore. These days, we hear almost daily about new cyberattacks targeting organisations large and small. The statistics don’t lie either. ENISA, the European agency for cybersecurity, tracked nearly 5,000 cyberattacks in 2025 and observed that 87% of cyber intrusions had major consequences, such as ransomware or information theft. The Centre for Cybersecurity Belgium likewise reported a 41% increase in emergency interventions carried out during active cyberattacks last year, and received no fewer than 10 million reported phishing emails.
The gap between theory and practice
So the threat is well known, but at the same time, many organisations struggle with the question of how to protect themselves against it concretely.
Again according to ENISA, 76% of organisations find it difficult to attract cybersecurity expertise. The CCB, in turn, indicates that only 46% of companies have consistently rolled out two-factor authentication, even though 80% of cyberattacks could have been partially or entirely mitigated by it. This shows that there is still a wide gap between the theoretical need for a more secure IT environment and its practical realisation.
NIS2 raises the stakes
The NIS2 legislation puts additional pressure on organisations. From 2027 onwards, many organisations will be legally required to tighten their cybersecurity and successfully pass mandatory security audits, and ENISA accordingly reports that 70% of organisations name “compliance” as their main driver for IT investment.
To give substance to these investments, frameworks do exist — ISO 27001 or the CCB CyberFundamentals — but organisations that start working with them quickly notice that these are often too generic to apply directly, requiring a translation step towards the on-the-ground situation of each organisation.
That translation step, in turn, gets stuck on the difficulty of attracting expertise — bringing the problem full circle, and leaving cybersecurity all too often an exercise on paper.
Shared knowledge, decentralised action
The IT world, however, is no stranger to big, multifaceted challenges. The solutions take different forms, but the common thread is a central distribution of knowledge to facilitate decentralised action. When a common language is spoken about which concrete steps need to be taken, and everyone active within an IT landscape knows their place in the bigger picture, the whole becomes more than the sum of its parts. Each party contributes its share of expertise and implementation work, and it is in bringing those together that an organisation achieves its goal.
Coming together to raise an organisation’s cybersecurity therefore starts with that shared knowledge. What is the menu of concrete solutions, and which underlying security risks do they mitigate? How can we break this down and phase it, and weave it into the way IT projects operate?
Join us at Sirus Connects
Interested in the answers to these questions? Then come to Sirus Connects. In the presentation Cybersecurity in today’s IT landscape, we aim to bridge the gap from the academic to the practical, and offer concrete guidance on how organisations can work on their IT landscape to achieve their security objectives. Will you be listening in on October 9?
Want to follow this live?
Join this session at Sirus Connects on October 9, 2026, from 14h15 to 15h. Register and secure your spot.
Can’t make it? Reach out to us, we are happy to share our experience and discuss how your organisation can turn its cybersecurity objectives into practice.