Client: Food Packaging company
Sector: Food Industry
Number of employees: 116
Objective: Strengthen continuous employee training to ensure compliance with the NIS2 directive and reduce social engineering risks by developing strategic cybersecurity skills at all organizational levels.
Solution Adopted:
Implementation of two integrated courses: the NIS2 Operational Course for general staff and the Cyber Security Awareness for Management course for managers and executives. The methodology included theoretical lessons, case studies, practical simulations, interactive webinars, and direct involvement of the management team. Topics ranged from regulatory requirements and operational risk management (NIS2) to the psychological aspects of the human factor and strategic cybersecurity governance, with real attack simulations to improve decision-making and organizational resilience.
The Challenge for the Company
This mid-sized food packaging company faced increasing regulatory complexity due to the NIS2 directive, alongside increasingly sophisticated cyber threats, particularly social engineering and phishing attacks. The main challenge was bridging the skills and awareness gap at both operational and strategic levels to ensure effective risk management and full regulatory compliance.
The Main Problem Identified
The most critical risk stemmed from the human factor’s vulnerability to social engineering attacks, which could jeopardize production processes and the protection of sensitive data. At the same time, management lacked adequate tools to lead effective awareness programs and respond promptly to incidents, raising the risk of non-compliance and potential sanctions related to the NIS2 directive.
The Training Approach
To address these needs, an integrated training path was implemented:
- NIS2 Operational Course: Aimed at general staff, this course provided a practical understanding of the principles and requirements of the NIS2 directive, focusing on risk assessment, incident management, and implementation of operational security policies. Case studies and simulations were used to enhance experiential learning.
- Cyber Security Awareness for Management: Targeted at managers and department heads, this course explored the human factor, psychological tactics used by cybercriminals, and strategies for leading effective awareness programs. Realistic attack simulations allowed participants to practice both operational and strategic decision-making, improving risk management at the organizational level.
Training was delivered through a combination of in-person sessions, interactive webinars, and digital materials, with assessment tests and direct involvement of the management team to ensure strategic alignment.
Quantitative and Qualitative Results
The intervention led to a significant increase in cybersecurity awareness among employees, with department heads demonstrating quick and effective responses during simulated attacks. Compliance with the NIS2 directive was strengthened, greatly reducing the risk of penalties. Qualitatively, management acquired strategic capabilities to effectively promote a security-oriented culture, increasing engagement and accountability across the organization.
Conclusion
The integrated adoption of the NIS2 Operational Course and Cyber Security Awareness for Management enabled the company to build a comprehensive cybersecurity culture, enhancing operational resilience and overall security posture. The multidisciplinary training approach and active involvement of management proved to be strategic levers in ensuring business continuity, regulatory compliance, and protection against the most insidious cyber threats in the food industry.