Prepare your team for phishing, and your organization for NIS2
Vigilon combines phishing simulations, short cyber awareness training, KPI reporting, and audit-ready evidence for organizations covered by the Polish NIS2 Act.

Why act now?
The amendment to the Polish NIS2 Act requires real action, not only documentation. Key and important entities must, among other things, assess their status, register in the official list, prepare an information security management system, use the S46 system, train personnel and keep evidence of compliance.
The Polish Ministry of Digital Affairs emphasizes that a “NIS2 binder” with signed documents alone does not ensure compliance. Organizations need procedures that work in practice, education, reporting and continuous measurement of cyber risk.
Entities meeting the criteria for key or important entities submit applications through the S46 system.
This is the deadline for entities that met the criteria on the day the new law entered into force.
Entities should adapt their information security management system and start using S46.
Key entities must prepare for audit, and after this date financial penalties may generally be imposed.
How does Vigilon support organizations covered by the Polish NIS2 Act (KSC)?
Vigilon turns cyber awareness requirements into a repeatable process: phishing simulation, short education, susceptibility measurement, reporting and continuous reinforcement of secure habits. It is a practical way to demonstrate action under NIS2, the Polish NIS2 Act, ISO 27001 and DORA.
Realistic phishing scenarios
Polish phishing simulation scenarios adapted to local business communication and threat patterns.
Personnel training required by the Polish NIS2 Act
KSC requires ongoing personnel education on cybersecurity, procedures and current threats.
KPI reports for compliance
Susceptibility, reports, training completion and trend indicators for management and audit.
Evidence for NIS2 & ISO audits
Reports with campaign history & KPIs to support audits and management conversations.
Cybersecurity is not only an IT topic – it’s a management responsibility
The Polish Ministry of Digital Affairs’ Polish NIS2 Act FAQ indicates that the head of the entity is responsible for the information security management system, cybersecurity budget, allocation of responsibilities, supervision over implementation and personnel awareness. Importantly, this responsibility remains with the head of the entity even when some tasks are delegated to others.
Decisions, budget and oversight
Management of the entity should ensure funding and supervision over information security implementation.
Mandatory cyber awareness
Management and personnel must understand obligations, procedures and threats. Vigilon helps measure and document this.
Compliance must be proven
The authority may request evidence of ISMS implementation — not only formal documents, but also proof of practice.
NIS2 is not just an obligation. It is an advantage.
The infographic explains NIS2 readiness benefits, including penalties of up to 10 million euro, 24-hour CSIRT incident reporting, management accountability, phishing resilience and audit evidence.

How Vigilon works
Graphical explanation of how Vigilon works: import users, launch phishing campaigns, employee reaction and learning, results and evidence for NIS2 and ISO.

Why should phishing awareness be measured regularly?
Phishing risk does not disappear after a one-off training session. Reports and studies show that the human element remains one of the main factors in security breaches, and the effectiveness of an awareness program depends on repeated practice, feedback and measuring behavior over time.
Indicator sources: Verizon 2025 Data Breach Investigations Report SMB Snapshot for the human element in breaches; Computers & Security 2024, “Exploring the evidence for email phishing training”; Ruhr University Bochum, “Spotlight on Phishing”; Polish NIS2 Act FAQ of the Polish Ministry of Digital Affairs for the number of CSIRT incident reports in 2025.
Choose a Vigilon plan for your organization
Trial
2 weeks free
For teams that want to test Vigilon before choosing a paid plan.
No payment required
- no credit card required
- access to phishing simulations
- short cyber awareness training
- basic KPI reporting
Starter
449 PLN/month
For small teams that want to see first results quickly.
Up to 25 users
- one campaign per week
- ready-made PL scenarios
- safe landing pages after click
- reports in the dashboard
Business
1299 PLN/month
For companies that want to regularly measure risk and report progress.
Up to 100 users
- campaign schedule control
- more PL and EN scenarios
- dashboard reports + CSV export
- regular trend measurement
Enterprise
2999 PLN/month
For organizations that want onboarding and expert support.
- everything in Business
- dedicated onboarding
- employee communication materials
- priority support
Frequently asked questions about Vigilon
What is Vigilon and what does it actually give a company?
Vigilon is a cyber awareness platform that combines phishing simulations, short training, KPI reports and evidence of action. It helps reduce the risk of human error and show progress to management, auditors or business owners.
Does Vigilon help with NIS2 and the Polish NIS2 Act?
Yes. Vigilon supports practical activities required in cyber hygiene, training, employee awareness and governance evidence. It does not replace a full ISMS, but it helps quickly launch a measurable awareness program and collect evidence of personnel education.
Which Polish NIS2 Act obligations does Vigilon support?
Vigilon supports personnel education, cybersecurity awareness, KPI reporting, documentation of training activities and preparation of evidence that may be useful in an audit, control or management discussion.
Does management also need to be involved?
Yes. The Polish NIS2 Act indicates obligations of the head of the entity, including ISMS oversight, resource planning, task allocation, ensuring personnel awareness and their own cybersecurity training.
Why should we start before the Polish NIS2 Act deadlines?
Registration and formal deadlines are only part of the obligations. Employee habits, reporting procedures and real evidence of action take time. Starting earlier lets you build campaign history and trend data.
How quickly can I start phishing simulations?
Usually in minutes: add users, choose a scenario, set the schedule and launch the campaign. No installation on employee computers is required.
Do employees need to install any applications?
No. Everything works through e-mail and an educational landing page. This allows you to launch a phishing awareness program without a long implementation project.
Do I need a credit card for the 2-week trial?
No. The 2-week trial does not require payment and does not require a credit card. You can test Vigilon first and choose a paid plan later.
Vigilon: phishing awareness and compliance for NIS2
Launch your first campaign, show progress in reports and start building evidence of awareness activities.
