Weekly Cybersecurity Digest [November, Week 5]
Posted on December 2, 2025
Dear Valued Clients,
Welcome to this week’s cybersecurity digest from Make Sense, your trusted partner in building measurable resilience across Europe’s policy, talent, and threat environments. The final week of November spotlighted the shift from isolated incidents towards structural cyber resilience – where skills pipelines, cultural awareness, and EU-wide governance converge.
From conferences driving practitioner capability to regulatory reforms tightening liability, the message is unmistakable: cyber maturity now rests on people, process, and policy in equal measure.
✅ Top Stories of the Week
i. Cybersecurity Business Convention (CBC) in Toulouse Focuses on AI, NIS2 and Sector Resilience
Held in Toulouse, the Cybersecurity Business Convention (CBC) drew over 3,500 attendees and 220+ exhibitors, and hosted 80+ conferences on topics such as AI-driven defence, space-sector vulnerabilities, health data protection, and NIS2 compliance. The trade show positioned itself as a strategic hub for European CISOs and solution providers, combining live simulations, workshops, and recruitment activities to strengthen cyber resilience across the public and private sectors. [Read more via NERO Cybersecurity]
ii. ENISA Awareness Conference in Zagreb Spotlights the Human Factor in Cyber Defence
ENISA’s second Cybersecurity Awareness Raising Conference in Zagreb brought together European experts to explore “Empowering the Human Element”. Sessions examined how AI can enhance awareness campaigns, how to measure their impact, and how gamification can change user behaviour. The conference, hosted with Croatian partners, stressed that technical controls alone are insufficient without a sustained, people-centred security culture across Europe. [Read more via cybersecurity-centre]
Consider: Which user-behaviour risk – phishing susceptibility, privileged misuse, or weak authentication – is most overlooked in your organisation?
iii. Danish EU Presidency Hosts High-level Cybersecurity Conference in Copenhagen
Denmark’s EU presidency convened around 250 senior representatives from EU institutions, member states and industry for a one-day cybersecurity conference in Copenhagen. Discussions focused on strengthening public–private partnerships, improving crisis management, and advancing Europe’s technological sovereignty under frameworks such as NIS2. The event underlined the importance of coordinated policy, industry cooperation, and investment for EU-wide cyber resilience. [Read more via cybersecurity-centre]
✅ Industry Trends & Insights
ENISA Maps Top NIS2 Cyber Risks for Europe’s Critical Sectors
On 26 November 2025, ENISA released its “NIS2 Threat Landscape 2025” analysis, mapping key cyber risks facing Europe’s NIS2-regulated sectors. The report highlights surging supply-chain compromises, identity-based attacks, cloud misconfigurations and increasingly sophisticated zero-day exploitation. ENISA urges operators of essential services to strengthen monitoring across identity, cloud and third-party suppliers ahead of 2026 NIS2 supervision cycles. [Read via DIAMATIX]
Reflect: Which monitored telemetry – identity, cloud workload, or supplier access – delivers the earliest warning signal in your environment?
EDRi Warns “Digital Omnibus” Rollback May Undermine EU Data-security Standards
On 27 November 2025, EDRi released its newsletter, explicitly warning that the European Commission’s Digital Omnibus proposals risk weakening core safeguards under the General Data Protection Regulation (GDPR), ePrivacy, and the EU AI Act. EDRi argues that the reforms would lower protections, expand intrusive data access, and widen legal exceptions – undermining digital rights across the EU. [Read more via European Digital Rights]
✅ Regulatory & Policy Updates
ENISA Reports Italian Cybersecurity Overhaul under NIS2 & Corporate Liability Law
On 28 November 2025, a report detailed Italy’s comprehensive update to its cybersecurity regulation, transposing the NIS2 Directive while integrating corporate liability under D.Lgs. 231/2001. The reforms tighten incident reporting, supplier risk governance, and executive accountability for companies deemed “essential or important.” Experts warn that multinational firms working in Italy must revise their compliance frameworks immediately. [Read more via Debug Lies]
Reflect: Does your board-level accountability model clearly assign liability for NIS2 failures across subsidiaries and joint ventures?
EU Agrees on New Rules to Strengthen Online Fraud Protection
On 27 November, EU member states and the European Parliament agreed on new rules requiring banks and payment service providers to better protect customers from online fraud, hidden fees, and data leaks. Providers will be liable for losses if they fail to implement adequate anti-fraud measures and must freeze suspicious transactions, while online platforms must remove fraudulent ads. [Read more via Reuters]
✅ Cyber IQ Challenge + Proactive Security Hacks
Quick Quiz
What factor most determines sustainable cyber resilience across NIS2-regulated sectors?
A) Point-solution technological upgrades
B) Skills pipelines and behaviour-driven training
C) Annual third-party audits
D) Vendor procurement consolidation
(Answer below)
Smart Security Moves of the Week
- Talent acceleration: Map your cyber workforce gaps to capability clusters (identity engineering, OT security, cloud workload protection) and invest in pipeline partnerships.
- Human-centric security: Run one gamified behaviour simulation this quarter – phishing + identity compromise + post-event escalation.
- Cross-sector rehearsal: Stage a tabletop mimicking EU-style coordinated response: regulator notification + supplier disruption + media narrative management.
- NIS2 readiness uplift: Assign single-owner accountability for supply-chain risk, incident reporting, and liability clarity across key internal stakeholders.
Answer: B) Skills pipelines and behaviour-driven training.
✅ Conclusion
From industry summits in Toulouse and Zagreb to Danish-led policy coordination and NIS2-driven accountability reforms, this week highlighted a pivotal shift: Europe is treating cyber resilience as both a workforce challenge and a governance imperative.
Operational maturity is no longer software-centric – it is talent, partnership, and supervision.
Final reflection: If a cross-sector cyber incident struck tomorrow, could your organisation mobilise people, partners, and reporting paths faster than the adversary could move?
At Make Sense, we translate intelligence into measurable defence – strengthening cyber capacity, operational rehearsal, and governance confidence across every digital layer.
Stay secure,
The Make Sense SRL Team & CyberTania
