What you can expect from NIS2

Do you have more than 50 employees or more than 10 million euros in turnover? Or are you classified as a critical organization by the government? Then you probably know that NIS2 is coming your way.  

What is nis2 directive?

The NIS2 Directive extends and builds upon the prior EU cybersecurity directive, NIS. Put forth by the European Commission, its purpose is to address and rectify the shortcomings identified in the original NIS directive.

The primary objective of NIS2 is to bolster the security of network and information systems across the European Union. It achieves this goal by mandating that operators of critical infrastructure and essential services adopt suitable security measures and promptly report any incidents to the appropriate authorities.

WHO IS AFFECTED BY NIS2?

The growing threat situation from cyberspace and geopolitical developments are increasing the risk of critical infrastructure facilities being compromised by cyberattacks. That sounds like a challenging task.

The NIS2 Directive (EU) 2022/2555 therefore came into force on 13 January 2023.

The aim of this directive is to achieve a high standardized level of cybersecurity, particularly for critical facilities, service providers and authorities in the EU. Member states are required to transpose the requirements into national law by October 2024.

A total of 18 sectors are affected and therefore a significantly expanded target group of companies with at least 50 employees and a minimum annual turnover of 10 million euros. National legislators can name additional specific entities that they categorize as "essential" or "important" entities and should be regulated as such.

REPORTING OBLIGATIONS IN THE EVENT OF SECURITY INCIDENTS

In addition to expanding the sectors of affected companies, NIS2 sets out specific requirements for the implementation of a minimum consensus on risk management measures, increased management responsibility combined with time-defined reporting deadlines and sanctions in the event of violations.

NIS2 emphasizes the responsibility of management. Legislators are serious about cyber security and are introducing stricter penalties for breaches. Companies must comply with three-stage reporting obligations in the event of serious security incidents (line 462ff. §31 reporting obligations), which apply in the event of operational disruptions or financial losses.

Late submissions can lead to penalties. It is therefore advisable to establish a reporting concept. This ensures that, in the event of a security incident, companies know which authorities need to be notified in order to meet the tight deadlines.  

The aim of the NIS2 risk measures is to prevent security incidents or minimise their impact

To this end, institutions must take appropriate technical, operational and organizational measures to control and minimise the risks to their network and information systems.

Overall, comprehensive security controls help to ensure the integrity, availability and confidentiality of systems and data. DriveLock solutions and their combination of prevention, detection and response mechanisms form a robust line of defence against a wide range of cyber threats.

SUCCESSFULLY IMPLEMENTING SAFETY MEASURES WITH DRIVELOCK

Organizations and companies that address the following security measures are best prepared for a successful NIS2 transformation:

DriveLock helps you avoid cyberattacks and security incidents right from the start. Our technology helps to prevent security breaches, recognise potential threats early and take effective security measures before they become problems. Focus on proactivity and prevention instead of reactive measures.

Protect your end devices in just a few minutes at the touch of a button. Does DriveLock meet your requirements? Test our solutions easily and free of charge for 30 days.