CASE STUDIES · saas

NIS2 readiness for a Hungarian energy SME · passed first audit on schedule

Name: First Kibertan-Act audit: passed · zero critical findings, 3 minor.
Item: NIS2 readiness for a Hungarian energy SME · passed first audit on schedule
Rating: 5
Author: Anonymised Hungarian energy SME

Turned a manually-maintained energy-sector SME into a NIS2-ready organisation in 14 weeks · from gap assessment to passing the first Kibertan-act audit on schedule.

Timeline14 weeks

← Back to case studies

Dezső MezőFounder

Reviewed by20 November 2025

01 / First Kibertan-Act auditpassed · zero critical findings, 3 minor.

02 / MTTR on simulated incidents4h → 45min.

03 / Vendor security coverage0% → 100% with signed DPAs.

04Security spend < 1% of revenue · no enterprise tool upgrade needed.

The problem01 / 03

01NIS2 transposition made the company an 'important entity' overnight · unprepared.
02Existing IT: flat network, mixed patch status, no SIEM, no incident runbooks.
03Supply chain had 4 third-party ICT vendors without DPAs or security review.
04Budget was tight; buying enterprise tooling wasn't an option.

The solution02 / 03

01Gap-assessment against NIS2 + Kibertan Act · prioritised 42-point roadmap.
02Network segmentation via pfSense + Tailscale for OT/IT separation.
03Wazuh SIEM + Elastic Security for log aggregation + detection rules.
04Vendor security review process + DPA rollout to the 4 third parties.
05Incident-response runbook + quarterly tabletop exercises.

The outcome03 / 03

01First Kibertan-Act audit: passed · zero critical findings, 3 minor.
02MTTR on simulated incidents: 4h → 45min.
03Vendor security coverage: 0% → 100% with signed DPAs.
04Security spend < 1% of revenue · no enterprise tool upgrade needed.

CASE STUDIES

Let's get started.

Send an email or book a 30-minute call.

Back to case studies