Tabletop with the Board · simulated compromise
Advisory · Executive Briefing & Board Reporting

Cyber briefings supporting the Board.

Fortgale Advisory equips CISO, executive management and the Board of Directors with the tools to take strategic decisions before, during and after a cyber attack. Board-ready posture in risk language, live crisis briefings, audit-ready post-incident reports for regulators, insurers and shareholders. NIS2 and DORA require it — Fortgale makes the process applicable.

Speak with our analysts · Before · during · after ↓
NIS2 · DORA · Applied compliance
3 timeframes · Before · during · after
Board reports per year
Compliance · accreditations
ISO/IEC 27001
ISO 9001
ISO 14001
ISO 45001
NIS2 ready
DORA aligned
GDPR · ENISA
What we mean

Operational advisory, not slideware.

Fortgale Cybersecurity Advisory is the strategic layer of the defence outpost. It defines posture, translates regulatory obligations into a roadmap, prepares for the worst plausible scenario — and then measures results every quarter.

Is not
  • An annual audit producing a PDF
  • A PowerPoint roadmap without an owner
  • Tabletop on generic scenarios
  • Independent vCISO with no data visibility
Is
  • Quarterly-updated risk register
  • Roadmap with KPI, owner, budget, deadline
  • Tabletop on the most probable adversary against you
  • Advisor connected to Fortgale's SOC, MDR and CTI
Three timeframes · one governance

Informed decisions before, during and after a cyber event.

Fortgale's Executive Briefing & Board Reporting covers the three timeframes in which the Board of Directors must be able to decide with data: posture before the attack, crisis choices during the incident, accountability after. It is the framing NIS2 and DORA implicitly require — and that Fortgale makes operational.

Before
Informed posture

The Board approves with data, not feelings.

Periodic briefings to the Board of Directors on the state of the cyber posture, on actors active in the sector, on priority investments. Board-ready documentation for audit committee sessions. Risk appetite is formalised based on evidence, not on feelings.

  • Quarterly risk briefing to the Board · in business risk language
  • Cyber budget advisory · investment priorities based on the threat landscape
  • Formalised and tracked risk appetite statement
  • Board-level tabletop on real actors against the customer's sector
During
Decisions under crisis

Real-time technical picture for traceable choices.

The first hour of an incident is critical. Which assets are compromised? What is the estimated damage? Should the ransom be paid? Should the national CERT be notified? Should the market be informed? The Board decides with the technical picture kept up to date by the Fortgale IR team, not with fragmented information.

  • Crisis room briefing · cadence 1h · 4h · 24h from incident start
  • Decision framework · pay-or-not, notify-or-not, communicate-or-not
  • Support for CERT notification within 24h and 72h documentation (NIS2 art 23)
  • Coordination with DPO, legal, cyber insurance, authorities
After
Lessons & accountability

Audit-ready documentation for regulators and shareholders.

Post-incident report to the Board in risk language. What happened, what worked, what needs to change. Audit-ready documentation with complete audit trail · ready for regulators, cyber insurance, potential civil litigation or director liability actions. Update of the risk register and remediation roadmap.

  • Board-level post-incident review · business language
  • Updated risk register · residual exposure tracked
  • Remediation roadmap with owner, KPI, deadline, budget
  • Chain-of-custody for forensic data · regulators, insurance, litigation
What it includes

Six capabilities, one coherent posture.

The standard Advisory engagement combines risk governance, applied compliance and operational readiness. Each capability is modular based on the customer profile.

01

Continuous Risk Assessment

Not an annual audit, but a quarterly-updated view of risk that reflects the threat landscape observed by the Fortgale CTI: who is targeting your sector, which techniques, which assets they're hitting.

02

NIS2 · DORA · ENISA posture

Gap analysis, remediation roadmap, board-ready documentation. Support for national CERT notification within 24 hours and the 72-hour documentation required by NIS2, plus all DORA requirements for the financial sector.

03

Tabletop on real adversaries

Incident simulations built on the TTPs of the most probable adversary against your sector: LockBit 4.0 against manufacturing, Scattered Spider against insurance, Cl0p against finance. Not generic scenarios.

04

Executive Briefing & Board Reporting

Board briefings before (posture, risk appetite, investments), during (crisis briefings, traceable decisions) and after a cyber event (post-incident report, lessons learned). Four board-ready reports per year, in business risk language and aligned with NIS2/DORA. Capability 04 of the Fortgale CTI service.

05

Third-party risk management

Suppliers are the modern primary attack surface. Fortgale builds a vendor evaluation and monitoring process for critical suppliers, consistent with NIS2 (supply chain) and DORA (third-party ICT risk).

06

vCISO and senior advisor

A senior point of contact acting as virtual CISO, or as an advisor alongside an existing CISO. Unlike an independent vCISO, the Fortgale advisor is connected to Fortgale's SOC, MDR and CTI: direct visibility on the customer's incidents and metrics.

How we operate

Five phases, one continuous cycle.

Posture is not a state, it's a process. The Fortgale model combines assessment, roadmap, execution, and review in a quarterly cycle.

  1. 01 · Assessment

    Current posture and gaps

    Analysis of existing cyber posture: governance, processes, controls, assets, regulatory exposure. Mapping against relevant frameworks (NIS2, DORA, ISO 27001, NIST CSF) and identification of critical gaps.

  2. 02 · Threat-profiling

    Adversaries of your sector

    Profile of the most probable threat actors for your sector and size, based on Fortgale CTI: who has already targeted you, who is targeting your peers, which campaigns are active.

  3. 03 · Roadmap

    Operational remediation plan

    12-24 month roadmap with priorities based on real risk, not regulatory checklists. Each intervention has owner, KPI, deadline, and estimated budget. Ready for the Board.

  4. 04 · Implementation

    Execution and tabletop

    Fortgale works alongside the internal team during implementation: runbook review, tabletop on real adversaries to validate readiness, support for NIS2/DORA compliance, vendor governance.

  5. 05 · Continuous review

    Quarterly update

    Quarterly review of posture: what changed in the threat landscape, which remediations are complete, which new risks emerge. Posture is not a state, it's a process.

For whom

Four company types, four angles.

New CISO

First 100 days

A new CISO needs an objective view of the inherited posture, realistic prioritisation, and a partner working alongside them without internal politics. Fortgale Advisory provides the framework, the metrics, and the European context to set up the first 100 days.

NIS2 essential entities

NIS2 essential companies

Essential entities (energy, healthcare, transport, banking, strategic manufacturing) face heavy obligations and tight timelines. Fortgale Advisory translates NIS2 articles into an implementable, audit-demonstrable roadmap.

Financial sector

Banks · insurance · DORA

The Digital Operational Resilience Act requires ICT risk management frameworks, scenario testing, critical vendor governance. Fortgale supports the DORA journey with direct experience on actors targeting European finance (Cl0p, FIN7).

Companies without internal CISO

Mid-market industrial

Mid-to-large manufacturing companies that do not have a full-time internal CISO but are still active targets (LockBit, Akira, BlackCat). The Fortgale vCISO model provides senior coverage at predictable cost.

Regulatory framework

Why the Board must be informed.

Cyber posture is no longer a "technical" matter that can be delegated. European regulation, combined with national corporate law, assigns the Board of Directors supervisory obligations on cyber risk management — and provides for personal liability in case of breaches. Below, the key references.

  • 01
    NIS2 · Directive (EU) 2022/2555 art 20-21

    Management bodies approve cyber risk management measures and supervise their implementation. Personal liability of directors in case of serious violations of NIS2 obligations (sanctions, possible temporary disqualification).

  • 02
    DORA · Reg. (EU) 2022/2554 art 5

    The management body defines and approves the strategy for digital operational resilience and is ultimately responsible. Explicit obligation to maintain adequate competence on ICT risks.

  • 03
    National corporate law · duty to act informed

    Duty to act on an informed basis: directors must assess the adequacy of organisational, administrative and accounting structure · today this includes cyber posture as an integral part. The supervisory body monitors adequacy.

  • 04
    Corporate criminal liability · cybercrime

    Administrative liability of entities for cybercrime offences. The supervisory body must be informed about cyber posture and remediation initiatives.

  • 05
    CSRD · Directive (EU) 2022/2464

    Mandatory disclosure in the sustainability report: the materiality of cyber events (including estimated impact and risk governance) enters ESG reporting for large companies and PIEs.

  • 06
    ENISA · national CERT guidelines

    ENISA and national CERT guidelines on incident reporting requirements, mandatory notification to the national CERT for essential and important NIS2 entities, risk assessment framework.

Fortgale Executive Briefing produces audit-ready documentation for all these frameworks — with complete audit trail, not only for compliance but also for personal protection of directors against potential liability actions.

Research · informs the advisory

The Fortgale advisory is built on proprietary intelligence.

When Fortgale advises a Board on NIS2 or DORA, the starting point is Fortgale's own data: the actors active against your sector, the campaigns observed across your peers, risk decisions grounded in technical evidence — not hypothetical scenarios.

Defence · 15 Apr 2026

Phishing Kits Bypass MFA and Hijack companies' accounts in minutes

Intelligence · Phishing Kit · Q1 2026 · April 24, 2026 · Fortgale CTI · 14 min read · RPT-26-0424 · Observation of the quarter: The 2026 phishing ecosystem has outpaced tradition…

Read article →
Featured · 8 Apr 2026

Investment-Targeted Phishing: How Phishing Kit Fuels Espionage in Funding Rounds

In the high-stakes world of venture capital and corporate funding, where millions hang in the balance and sensitive financial data flows freely, a new breed of cyber threat is em…

Read article →
Defence · 13 Mar 2026

Operation Storming Tide: A massive multi-stage intrusion campaign

In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabiliti…

Read article →
Featured · 4 Sep 2024

Behind the Wheel: Unveiling the Supercar Phishing Kit Targeting Microsoft 365

UPDATES: 27.11.2024: As mentioned by TrustWave, "Supercar Phishing Kit" has a high level of overlap with the most recent update of "Rockstar 2FA Phishing-as-a-Service" 26.09…

Read article →
Featured · 18 Dec 2023

Espionage activities targeting European businesses

In the evolving landscape of cybersecurity threats, Fortgale is tracking PhishSurf Nebula, an advanced Cyber Espionage group active since 2021 and primarily targeting entities wi…

Read article →
Featured · 6 Dec 2023

Nebula Broker: offensive operations made in Italy

Fortgale has been tracking an Italian Threat Actor, internally dubbed as Nebula Broker, since March 2022. The actor uses self-made malware (BrokerLoader) to compromise Italian sy…

Read article →
Contact · first step

A technical conversation with our analysts.

One meeting, one NDA, one initial risk briefing. You'll receive an objective view of your posture and a concrete roadmap proposal within 72 hours of the meeting.

Response time: < 1 business day.