Why is the NIS2 directive so important?
Are you familiar with the new NIS2 yet? It is the successor to the 2016 NIS1 directive, often referred to as the very first cybersecurity legislation in the world. It is a European Union initiative to raise cybersecurity standards. But what exactly does this successor mean for you and your organization? You can read all about it in this blog!
What is the NIS2 directive?
The NIS2 directive imposes a number of obligations on governments and companies operating in critical sectors. Examples include energy, health, transportation, finance, food, chemicals and government services. These industries are often an interesting target for cybercriminals because of the potential impact. This is exactly why they should take extra measures to protect their network and information systems.
For NIS2, a distinction is made between essential companies and important companies. The difference between these 2 categories is mainly the level of supervision. Essential companies will be strictly monitored. Important companies will only come into the spotlight if there are indications that they do not comply with the law.
Essential companies
This includes large companies operating in critical sectors, such as energy, health care, transportation, finance, food, chemicals and government services. These sectors are often specifically targeted by cybercriminals because of their high impact.
They also have:
– At least 250 employees
– Annual sales of more than €50 million and a balance sheet total of more than €43 million
Major companies
Under this heading are medium-sized companies operating in the very critical sectors or large organizations operating in the other critical sectors.
– A minimum of 50 employees
– An annual turnover and balance sheet total of more than € 10 million.
Exactly which organizations fall under the NIS2 guideline can be found here: https://ccb.belgium.be/en/nis-2-directive-what-does-it-mean-my-organization
Important to know: NIS2 companies may only purchase services or products from a supplier that also meets the guidelines. This means that non-NIS2 organizations should also make an effort to maintain their current collaborations.
Are you one of them? Find out exactly what that means for your organization here.
NIS2 finally puts your cybersecurity in the spotlight
With an ever-growing reliance on network and information systems, the risks of cyber attacks have also increased significantly. The NIS2 directive aims to protect your infrastructure from digital threats in the best possible way. With smart security solutions, you also ensure that you are able to respond quickly and efficiently in case of an incident. You can actually see these new measures as a roadmap to better protect your organization.
What does the NIS2 directive mean for your organization?
If your organization is covered by the NIS2 directive, that means you are supposed to meet a number of cybersecurity requirements. Some of the actions are:
- Conducting a risk analysis to identify potential threats and vulnerabilities to your systems
- Implementing appropriate technical and organizational measures to mitigate
or prevent these risks - Establishing an incident response plan to respond quickly and effectively to cyber incidents
- Appointing a key contact responsible for cybersecurity within your organization
- Implementing Cybersecurity Awareness trainings
- Participating in audits, inspections or investigations by the competent authority
- Providing necessary information to the competent authority or other relevant parties (such as suppliers or customers) about your cybersecurity status or incidents.
- Continuous monitoring and reporting of your IT infrastructure
Are you covered by the NIS2 directive and did not have these measures in place on time? Then penalties may be just around the corner. These may include fines, potential reputation damage and legal consequences. It is good to know, however, that these sanctions have a good intention. Namely that the security of your IT infrastructure is safeguarded.
How do you prepare your organization for NIS2?
The NIS2 directive has already been in effect since Jan. 16, 2023, but each member state still has until Oct. 17, 2024, to implement it into national law. So no time to lose! It is advisable to start now so that by October 2024 everything is in place.
You’re probably thinking to yourself “a whole laundry list of rules and measures”. However, rest assured. As a security partner, we would like to help you so that your organization complies with NIS2. That way you can be sure of digital security and enjoy high productivity with smart solutions.