Full Report
The Centre for Cybersecurity Belgium (CCB) reported a sharp rise in cyber incidents and reporting activity in 2025,... The post CCB report reveals rising cyber pressure on critical infrastructure as reporting surges under NIS2 appeared first on Industrial Cyber.
Analysis Summary
# Industry News: CCB Report Highlights Rising Regulatory Pressure and Asset Visibility Under NIS2
## Summary
The Centre for Cybersecurity Belgium (CCB) has reported a 70% increase in cyber incident reporting for 2025, a surge primarily driven by the implementation of the NIS2 directive. While incident volumes have risen to 635 reported cases, the data suggests this reflects improved detection and mandatory compliance rather than a proportional increase in raw attack frequency.
## Key Details
- **Date:** March 27, 2026
- **Companies Involved:** Centre for Cybersecurity Belgium (CCB), various critical infrastructure sectors, and threat actors (NoName057(16), Qilin, Akira, Clop).
- **Category:** Industry Report / Regulatory Compliance Analysis
## The Story
The CCB’s 2025 annual findings reveal a "new normal" for Belgian critical infrastructure, characterized by high transparency and persistent threat activity. Of the 635 reported incidents, 556 were confirmed cyberattacks—a 58% year-over-year increase. The report highlights that account compromise (144 cases) and phishing (10 million reported emails) remain the primary vectors.
The landscape is currently shaped by two major forces: the regulatory mandate of the NIS2 directive, which has ended the era of underreporting, and a fragmented ransomware ecosystem following the takedown of LockBit. Additionally, Belgium has become a primary target for pro-Russian hacktivist groups like NoName057(16), though the CCB’s "Red Button" procedure has successfully mitigated the operational impact of these frequent DDoS campaigns.
## Business Impact
### For the Companies Involved (Critical Infrastructure)
- **Increased Compliance Costs:** Organizations must invest in robust reporting mechanisms to meet the 80% surge in disclosure activity.
- **Operational Resilience:** While attacks are more frequent, the "Red Button" coordination suggests that participating in centralized defense frameworks reduces downtime.
### For Competitors (Cybersecurity Vendors)
- **Market Demand Shift:** There is a growing opportunity for Managed Detection and Response (MDR) providers that can automate the reporting requirements mandated by NIS2.
- **Identity Security Focus:** With account compromise as the top threat, vendors specializing in IAM (Identity and Access Management) and MFA are seeing increased relevance.
### For Customers
- **Improved Transparency:** End users benefit from clearer communication regarding service disruptions and data breaches due to mandatory disclosure rules.
- **Service Stability:** Increased focus on critical infrastructure resilience helps protect essential utilities (water, energy, transport) from geopolitical spillover.
### For the Market
- **Standardization of Risk:** The shift from "hidden" risks to "visible" reported incidents allows for more accurate cyber insurance underwriting and risk assessment across the EU.
## Technical Implications
- **Advanced Social Engineering:** The rise of "ClickFix" and "FileFix" techniques indicates a shift toward "hands-on-keyboard" social engineering where users are tricked into executing malicious code.
- **DDoS Mitigation:** The success of the CCB coordination procedure highlights the necessity of real-time, nation-scale traffic scrubbing and threat intelligence sharing.
## Strategic Analysis
- **Market Positioning:** The CCB is positioning Belgium as a proactive leader in NIS2 enforcement, moving beyond simple defense to "managed transparency."
- **Competitive Advantage:** Organizations that adopt early detection and automated reporting gain a compliance advantage and reduce the risk of regulatory fines.
- **Challenges:** The fragmentation of ransomware groups (Qilin, Akira, etc.) makes attribution more difficult and requires a "defense-in-depth" approach rather than focusing on a single perceived adversary.
## Industry Reactions
- **Analyst Opinions:** Analysts view the report as proof that NIS2 is working as intended—not by stopping all attacks, but by surfacing them to ensure a coordinated national response.
- **Market Response:** There is an increased move toward agentic automation (as seen with Tenable and Darktrace) to handle the scale of exposure management.
## Future Outlook
- **Predictions:** Reporting volumes are expected to remain high through 2026 as more medium-sized enterprises fall under the expanded scope of NIS2.
- **What to Watch For:** Watch for the transition of hacktivist tactics from simple DDoS to more damaging "OT-targeted" disruptions as geopolitical tensions persist.
## For Security Professionals
Practitioners should focus on **Identity Security** and **Incident Response Automation**. Given that 2025 saw a massive rise in reporting without a direct correlation to manpower increases, professionals must utilize tools that can auto-generate compliance reports and provide high-fidelity alerts to avoid "notification fatigue" under the new NIS2 rules.