#CyberWeekly

The Cybersec Europe 2026 jury has shortlisted Easy Cyber Protection for the "Best Cybersecurity Innovation Europe" award. The pitch is May 20 at Brussels Expo, the ceremony May 21. Tickets free for visitors.

• What's being judged: a jury award (not a public vote) recognising European cybersecurity innovation. ECP's submission is the MSP audit-readiness engine — CyFun + NIS2 evidence work, structured as a partner workflow rather than a tick-box compliance product
• When: the 5-minute pitch slot is Tuesday May 20 at 16:30 on the Cybersec Europe main stage. The award ceremony is Wednesday May 21 at 12:15. Both at Brussels Expo
• The Belgian angle: CyFun is a Belgian framework, NIS2 transposition is Belgian-led at the CCB, and the audit-readiness problem is hitting Belgian SMBs every week. A made-in-Belgium product on the European innovation shortlist for an audit-readiness problem first felt in Belgium

Win or not, the shortlist is independent jury validation that an MSP-first compliance engine is a category worth recognising. Want to talk about the engagement model? Reach out via /contact.

Two things shipped this week that change the shape of an MSP engagement: a co-branded weekly micro-learning newsletter you send to your clients' employees under your own brand, and an Ed25519-signed .ecpbundle.zip so an auditor can verify nothing in a deliverable was tampered with after export.

• Client micro-learning newsletter: one short issue per week (TL;DR + 3 bullets + a news bite) condensed from a /learn/ article. Branded with your logo and colour. EN/NL/FR per recipient. Subscribers auto-added when you invite new client users — no list to maintain by hand
• MSP-scoped authoring: a partner UI to create, edit, preview, and send issues for your own clients only. Dedupe across overlapping client orgs (one email per recipient per issue), per-issue delivery log so you can prove who got what, one-click unsubscribe baked into every send
• Ed25519-signed bundles: every exported .ecpbundle.zip is now signed with a per-server private key. The matching public key is published at /.well-known/bundle-pubkey.pem so an auditor (or another ECP instance) can verify the bundle reached them unaltered
• Why it matters for the audit: security-awareness training is a CyFun control and an NIS2 expectation. The weekly newsletter is the lightest possible recurring evidence — and now the export an MSP hands an auditor carries its own tamper-evidence

The throughline: an audit-ready MSP needs two things buyers ask about — recurring end-user training and provably-untampered evidence. Both now ship with the platform. See our employee-training guide for the control mapping.

The annual Verizon Data Breach Investigations Report is the most-cited corpus in the industry, and the 2026 edition published this week. The headline is the lack of headline: small organisations remain the over-represented victim class, and the access patterns have not meaningfully shifted.

• Small businesses over-represented: SMBs continue to make up a disproportionate share of confirmed breaches relative to their share of the economy. The MSP-managed segment is exactly the cohort the report keeps describing
• The human element is still the front door: stolen credentials, phishing, and social engineering remain the dominant initial-access vectors. Every "fancy new attack" headline lands on top of a baseline that has been the same for years
• Web apps and email keep doing the heavy lifting: internet-facing applications and email remain the top breach pathways. The boring controls — MFA everywhere, patching, email auth — are where the gap-closing lives

If the report confirms anything an MSP already knew, it confirms that an audit-readiness baseline (MFA, patching, training, logging) is not "compliance theatre" — it is the same control set that would have stopped most of the breaches Verizon counted. Pair with our phishing and password guides for the end-user training angle.

The Centre for Cybersecurity Belgium's 2025 numbers, surfaced again this week alongside the post-April-18 NIS2 audit cycle: 635 incident notifications across the year, a 70% jump on 2024. The leading categories are unglamorous, which is the point.

• Top category: account compromise. 144 cases — the MFA gap, the reused-password gap, the no-conditional-access gap. The control auditors will ask for first
• Second category: ransomware. 105 cases — and the cadence so far in 2026 (one named Belgian SMB per week on a leak site) suggests the line is still going up, not down
• The 70% jump is partly a reporting effect: NIS2 raised the obligation to notify and lowered the friction. The number going up does not (only) mean attacks went up — it means more attacks are now visible to the regulator

For MSPs: the controls that move the top two categories are the same ones already on the audit-preparation checklist. Account compromise = MFA + conditional access + privileged-access review. Ransomware = patching + segmentation + tested backups. Boring is still working.