
Guide to the EU Cybersecurity Directive NIS2 (EU) 2022/2555

The deadline is October 17, 2024 - are you ready?

In a world increasingly reliant on digital infrastructure, cybersecurity is becoming more important at every level of society. The NIS2 Directive is the successor to the EU's first cybersecurity directive, the 2016 NIS (Network and Information Security) Directive, and takes into account the rapidly growing threat posed by today's cybercrime. NIS2 entered into force in January 2023, and member states must transpose it into national law by 17 October 2024. Organizations within its scope should therefore ensure compliance by that date to avoid penalties. Read on to find out whether the directive applies to your organization and what steps you should take to meet the NIS2 requirements.

Find out what NIS2 means for your organization!

Who is affected by the NIS2 directive

The main change since the NIS Directive came into force is that cybercrime has become an acute national security issue and a direct threat to critical infrastructure. It is therefore important that EU organizations across many sectors of society comply with stricter cybersecurity regulations. The NIS2 Directive applies to medium and large organizations in 18 sectors, an expansion from the previous 8 sectors. The organizations concerned are now divided into "essential" and "important" entities, with stricter supervision applying to essential entities.

While the original NIS Directive mainly covered sectors such as energy, transport, banking and healthcare, NIS2 extends its scope to additional sectors such as postal and courier services, chemicals, food production and distribution, and information and communication services. Annexes I and II of the Directive list the types of essential and important entities in full.

[Figure: Overview of the sectors added by NIS2 compared with the NIS Directive]

What does compliance with NIS2 entail?

If you have determined that your organization falls under the NIS2 Directive, the next step is to implement an information security management system that covers risk management, supply chain security and incident reporting.

The first step is to assess the current cybersecurity posture of your systems; an IT security audit from Rheintec can help you with this. We offer compliance audits and cybersecurity reviews that show you where your organization's current strengths and weaknesses lie and which next steps to take.

The specific measures needed to implement NIS2 in your organization depend on various factors. One requirement of the directive is continuous risk management, which includes basic cyber hygiene measures and the security of networks and IT systems. A key focus of NIS2 is supply chain security, which means that suppliers and service providers must also be assessed for third-party vulnerabilities that could affect your business continuity.

In addition, the reporting of cybersecurity incidents is more strictly regulated.

Significant incidents must be reported to the national Computer Security Incident Response Team (CSIRT) or competent authority in stages: an early warning within 24 hours of becoming aware of the incident, a more detailed incident notification within 72 hours, and a final report within one month. This means that the escalation, investigation and decision-making processes in your organization must be well organized so that the reporting deadlines can be met and appropriate action is taken.

How will the new rules be enforced?

Monitoring and enforcement are important aspects of the NIS2 Directive. Competent authorities can supervise the entities concerned through regular and targeted audits, on-site and remote inspections, and requests for information and access to documents or evidence. These are some of the most significant supervisory and enforcement mechanisms. There are also sanctions for organizations that fail to comply with the NIS2 requirements, including binding instructions, compliance orders and administrative fines. The aim is to ensure that essential and important entities maintain a sufficient level of cybersecurity and do not put critical national infrastructure at risk.

NIS2 also encourages closer cooperation between EU member states. The Directive requires CSIRTs at national and EU level to facilitate information sharing, incident response and the coordination of cybersecurity efforts. By promoting cross-border cooperation, NIS2 aims to improve the EU's collective ability to detect, respond to and mitigate cyber threats.

Possible penalties and fines for non-compliance with NIS2 requirements

Do you know the consequences organizations face if they fail to comply with the NIS2 Directive? Besides binding instructions and compliance orders, non-compliance can result in administrative fines: for essential entities up to EUR 10 million or 2% of total worldwide annual turnover, whichever is higher, and for important entities up to EUR 7 million or 1.4% of total worldwide annual turnover, whichever is higher.

[Figure: Possible sanctions and penalties for non-compliance with the NIS2 Directive]

How can Rheintec help?

We can help you assess your organization's current cybersecurity and compliance status through an IT security audit that gives you a clear overview of potential gaps and vulnerabilities. Based on this initial assessment, a concrete action plan can be drawn up together with Rheintec to meet the NIS2 requirements.

Through our Secure by Design architecture and the associated engineering expertise, we enable your organization to strengthen its IT infrastructure and achieve a high level of security.

In addition, we offer advice and support to establish or evolve your security management to ensure your organization's resilience to cyber threats.

Since general cyber hygiene and the associated training and awareness of your staff are an integral part of any information security management system, and a specific requirement of NIS2, we offer cybersecurity training and awareness programs that educate your staff and improve their ability to detect and respond to cyber threats effectively.

Our services and solutions are tailored to your organization and specific needs to establish a robust security framework.

[Figure: Four steps to NIS2 compliance and cybersecurity with Rheintec Solutions]

In an increasingly interconnected and digitalized world, cyber security is essential to ensure Europe's stability, security and prosperity. By expanding the scope of its cybersecurity framework, fostering cooperation and coordination between Member States and promoting innovation and resilience, NIS2 lays the foundation for a more secure and resilient European digital future and reaffirms the EU's commitment to protecting Europe's digital frontier.

Are you ready for NIS2?

Make sure your business is ready for NIS2 and protect yourself against cyber threats: arrange a free consultation with our experts today.