#CyberWeekly

Forget ransomware for a moment — your CEO is already more worried about fraud. The World Economic Forum's Global Cybersecurity Outlook 2026, based on 800 global leaders surveyed, confirms a striking shift: cyber-enabled fraud has overtaken ransomware as the top cybersecurity concern for CEOs heading into 2026.

• 73% of respondents say someone in their personal network was affected by cyber-enabled fraud in 2025 — phishing, vishing (voice scams), and smishing (text scams) leading the charge
• SMEs are 2.5× more likely to report insufficient resilience compared to large enterprises. Bigger target, fewer resources
• 87% of leaders see AI-related vulnerabilities as the fastest-growing cyber risk — attackers are automating attacks faster than defenders can patch
• Only 40% of European organizations are confident their country is prepared to respond to major cyber incidents targeting critical infrastructure
• Skills shortages remain the principal barrier, reported by 54% of respondents — which is exactly why MSP-delivered compliance makes sense

The fraud shift matters for Belgian SMEs. Ransomware gets headlines; fraud gets your money directly. A well-crafted phishing email or a convincing voice call impersonating your bank doesn't require a sophisticated hacker — just a convincing script and a distracted employee. The cost of a breach has never been higher, and the attack surface has never been wider.

We've simplified everything. This week we completed our pivot to a clean, MSP-first model: flat €25/client/month, all features included, across all tiers. No per-seat tiers. No feature gates. No percentage-of-revenue math. One number, every client.

• Flat margin model: You charge your client what makes sense for your practice (typically €50–250/month depending on support scope). We charge you €25. The margin is yours
• Client switcher: Jump between client environments from the header — no more logging out and back in. Managing 10 clients is now as smooth as managing one
• Evidence redesign: The evidence section is rebuilt around verification — each piece of evidence shows exactly what's confirmed, what's pending, and what actions are available inline. Less clicking, more clarity
• SME referral engine: SMEs who aren't yet working with an MSP can now be referred directly from the platform. If they find us first, we route them to you
• Simpler website: The "Why ECP" section is now 4 clear pillars instead of 10 scattered sub-pages. Easier to share with prospective clients

Bottom line: Easy Cyber Protection is now purpose-built for MSPs delivering CyFun compliance to Belgian clients. The IT partner guide explains how to position compliance as a service — and why the April 18 NIS2 deadline makes right now the best time to start.

The top 5 compliance platforms by market share — Vanta, Drata, Sprinto, Secureframe, Tugboat Logic — are all US-headquartered, with US-based cloud infrastructure as their default. Most people read that and think: "GDPR covers this. There are adequacy decisions. It's fine." Technically correct. But it misses the real question.

What exactly is in your compliance data?

• Firewall configurations and network architecture diagrams
• Access control lists — who has access to what, and how
• Vulnerability scan results — the gaps you haven't patched yet
• Password policies, incident response procedures, and recovery playbooks
• Evidence of every control you've implemented — or haven't

A breach of your compliance platform doesn't leak personal data. It gives an attacker a complete blueprint of your defenses. The irony is real: the tool meant to improve your security could become your biggest vulnerability. The alternative? A local-first approach where compliance data lives on the client's own infrastructure — their device, their network drive, their control. When a client asks "where is my security posture data?", the answer should be: right here, on your machine. Not in a multi-tenant US SaaS database.

On February 23, Qilin ransomware group added Plan-IT Office Solutions to their leak site — another IT provider in the crosshairs. Qilin entered 2026 on a rampage: 55 victims posted in the first two weeks of January alone, on track to surpass their record-breaking 2025 numbers of 1,000+ confirmed victims.

• No sector restrictions: Manufacturing (23% of targets), healthcare, education, professional services — Qilin hits everything. MSPs and IT providers are especially attractive because one breach unlocks access to dozens of clients
• Affiliate-powered growth: Former LockBit and RansomHub affiliates brought experience and momentum to Qilin after those operations were disrupted — 31.2 petabytes of claimed stolen data in 2025
• Speed is the weapon: Average attack-to-encryption time is now under 24 hours. Patches applied a week late are often too late
• The MSP multiplier: When a managed service provider is compromised, the blast radius extends to every client on their platform. One set of credentials, many victims

For Belgian IT providers managing NIS2 compliance for clients: your own security posture is now part of your clients' risk assessment. Under NIS2's supply chain requirements, clients must evaluate the cybersecurity practices of their key suppliers — and that includes you. The IT partner security guide covers what Belgian MSPs should have in place before they can credibly deliver compliance to others.