“Being connected to the ecosystem helps me turn complexity into clarity”
Too many organisations still view cybersecurity regulation as a compliance exercise: a list of obligations, deadlines and controls to tick off as efficiently as possible. For Noëmie Honoré of Wavestone and co-chair of the Belgian Cyber Security Coalition’s EU Regulations focus group, this approach misses the point. “The regulation is meant to be used as a flywheel to structurally raise organisations’ security levels.”
This conviction has been the common thread of her involvement with the Coalition for several years. “Recently, the Regulations focus group has mainly worked on NIS2,” she continues. “That is no coincidence, because the directive affects a broad range of organisations. It has also raised the same questions for many CISOs: what exactly does the law require, how do you translate those requirements into operational measures, and how do you launch a programme without delivering new compliance projects and, at the same time, ensuring business‑as‑usual activities continue smoothly?”
Regulation drives maturity
For her, the outcome of the focus group’s efforts is primarily time gained. “Many CISOs are essentially on their own; not everyone has access to extensive external advice. In that context, the ability to validate ideas collectively is extremely valuable. By unpacking legislation, bringing together experiences from public and private organisations, and sharing lessons learned, we see a common frame of reference emerge,” she explains.
The strong relationships with the Centre for Cybersecurity Belgium (CCB) play a key role in this. “Within the Coalition we can rely on direct contact with the authorities, which makes a fundamental difference. When there are questions, we get answers,” she says. “As a result, projects have been able to move forward more quickly and with a higher level of quality. The Belgian implementation of NIS2 offers an excellent example of this.”
Benchmarks from Wavestone show that organisations in regulated sectors achieve a higher average level of maturity than organisations in non-regulated sectors: 61% compared with 52.3%, according to figures from April 2026. For Noëmie, this data confirms what she sees in practice: regulation helps unlock investment and creates a minimum baseline. “NIS2 is not asking for anything excessive. It is about the cyber hygiene that organisations need today in order to protect themselves.”
Needs on the ground
Alongside her role within the Coalition, Noëmie is also active in other initiatives, including Women4Cyber and Agoria Cyber Made in Belgium. Because of its overarching nature, with branches into government, the private sector and academia, she sees the Belgian Cyber Security Coalition as fundamentally different. “That mix creates depth. Complex topics are not viewed from the perspective of a single interest or sector, but from multiple angles. This diversity makes the Coalition strong.”
Noëmie sees the ecosystem she’s part of not as an “extra”, but as a condition for remaining relevant. “If you are not connected to the ecosystem, you are not connected to the needs on the ground. That means you are lacking some of the information you need to do your job properly. Being connected to the ecosystem helps me turn complexity into clarity and meet real needs Without it, I would feel as though I were missing a leg to stand on.”
