Security
NIS2 guideline as a benefit to your organisation

NIS2 guideline as a benefit to your organisation

The NIS2 Guideline is a new European legislation that aims to improve cybersecurity for critical and important entities. It sets out a number of obligations and penalties for organisations covered by the directive. Complying with the NIS2 directive is not only a legal obligation, but also a smart move for your business. Indeed, by adopting a cybersecurity strategy in line with the directive, you can reap many benefits, such as improving your reputation and trust, reducing the likelihood and impact of cyber-attacks, saving costs and time, increasing your competitive advantage and innovativeness.

The NIS2 Directive will come into effect on the 18th of October 2024 (in Belgium) as the successor to the NIS Directive, which was adopted in 2016. This new standard expands the scope, obligations and penalties of the NIS Directive. All with the aim of responding flexibly to ongoing cyber threats and the swirling world of digital transformation.

If your organisation falls under this directive, the NIS2 directive may initially come across as a tedious task that can take a lot of time, money and effort. But it doesn’t have to be that way. Rather, the NIS2 directive is an opportunity to strengthen your organisation against cyber threats, with numerous benefits in store. In this article, we explain how to make the most of this opportunity.

Not sure if you are covered by the NIS2 guideline? Talk to our specialists without obligation. Then we will map out all the important information for you!

Schedule your meeting today

What is the NIS2 guideline?

You can also find this information on our previous blog: https://safe-connect.com/nl/waarom-is-de-nis2-richtlijn-zo-belangrijk/

The NIS2 directive, as new European legislation, aims to improve cybersecurity for essential and important entities. So currently, compliance with the guidelines is not yet mandatory, but it will be in October.

NIS2 distinguishes between essential companies and important companies. The difference between these 2 categories is mainly the level of supervision. Essential companies will be strictly monitored. Important companies will only come into the crosshairs if there are indications of non-compliance with the law.

Essential businesses

These include large companies operating in critical sectors, such as energy, healthcare, transport, finance, food, chemicals and government services. These sectors are often specifically targeted by cybercriminals because of their high impact.

They also have:

  • A minimum of 250 employees
  • An annual turnover of more than €50 million and a balance sheet total of more than €43 million

Important companies

Under this umbrella are medium-sized companies operating in the very critical sectors or large organisations operating in the other critical sectors.

  • A minimum of 50 employees
  • An annual turnover and balance sheet total of more than €10 million

Exactly which organisations are covered by the NIS2 directive can be found here:

https://ccb.belgium.be/en/nis-2-directive-what-does-it-mean-my-organization

Important to know: NIS2 companies are going to give preference for its suppliers to the ones who are also compliant. This means that non-NIS2 organisations should also make an effort to maintain their current collaborations.

Some NIS2 measures include:

  • Identifying and assessing the risks to your systems and services
  • Implementing appropriate technical and organisational measures to mitigate risks and ensure continuity
  • Reporting incidents with a significant impact on the availability, authenticity, integrity or confidentiality of your systems or services
  • Conducting periodic audits to check compliance
  • Working with national authorities and other relevant parties to share information and good practices

Failure to comply may result in sanctions. These can be administrative, civil or criminal, depending on national legislation. Consequences can range from high financial fines to revocation of licences or certificates.

You can find the NIS2 legislative proposal for Belgium here.

What are the benefits of a smart cybersecurity strategy?

Complying with the NIS2 directive is not only a legal requirement, but also a smart move for your business. Indeed, by adopting a cybersecurity strategy in line with the directive, you can reap many benefits, such as:

  • Improving your reputation and trust with your customers, partners and stakeholders
  • Reducing the likelihood and impact of cyber attacks on your systems and services
  • Saving costs and time associated with repairing damage after a cyber incident
  • Increasing your competitive advantage and ability to innovate in the digital marketplace
  • Contributing to a more secure and resilient digital space in the European Union

To realise these benefits, it is important to have a cybersecurity strategy that focuses not only on complying with the NIS2 directive, but also on creating a cybersecurity culture in your organisation. A cybersecurity culture involves:

  • Increase the awareness and engagement of your employees, managers and leaders about the importance and responsibility of cybersecurity
  • Improve the behaviour and skills of your employees, managers and leaders on cyber hygiene, such as using strong passwords, recognising phishing emails, updating software, etc.
  • Update and comply with your organisation’s cybersecurity policies and procedures, such as assigning roles and responsibilities, defining processes and protocols, creating contingency plans, etc.
  • Optimise and secure your organisation’s technology and infrastructure in terms of cybersecurity, such as installing firewalls, antivirus, encryption, backups, etc.
  • Encourage and facilitate your organisation’s collaboration and communication on cybersecurity, both internally and externally, with your customers, suppliers, authorities, etc.

How can you prepare for the NIS2 guideline?

To prepare for the NIS2 directive and reap the benefits of a smart cybersecurity strategy, follow these steps:

  • Conduct a risk analysis to identify and assess vulnerabilities and threats to your systems and services
  • Establish an action plan to implement the necessary measures to protect and restore your systems and services
  • Provide a monitoring and reporting system to track and report the performance and incidents of your systems and services
  • Seek external support and advice to help you comply with the NIS2 directive and develop your cybersecurity strategy

Could you use help investigating, securing and reporting on your IT infrastructure? Then get in touch with us using the contact form below.