The EU’s NIS2 cybersecurity directive is right around the corner, with its October 17, 2024, deadline looming large for organizations across Europe. This means now is the time for companies operating in Europe or with European companies to get their houses in order to ensure compliance.
Who is in scope?
The NIS2 directive applies to a wide range of essential and important sectors. Here’s the breakdown to determine where you fit in:
- Essential Sectors: Energy, Health, Transport, Finance, Water Supply, Digital Infrastructure, Public Administration, Space.
- Important Sectors: Digital Providers, Postal Services, Waste Management, Food, Manufacturing, Chemicals, Research.
High-level NIS2 requirements
Organizations in essential and important sectors must adhere to several key requirements under NIS2. This is a high-level overview of those requirements.
- Risk management: Put measures in place to manage your cybersecurity risks and minimize any impact from potential threats.
- Incident reporting: Report significant threats within 24 hours of detection.
- Supply chain security: Ensure cybersecurity practices are maintained across your supply chain.
- Business continuity: Have plans to maintain and restore essential services during and after a cybersecurity incident.
- Senior management accountability: Top management is responsible for and involved in cybersecurity compliance.
How to build momentum for your NIS2 journey
New and evolving regulations can be overwhelming for any organization. Here are a few key steps to take to build momentum and secure some ‘easy wins’ as you embark on your NIS2 journey.
Conduct an applicability assessment
Understanding how NIS2 impacts your organization is the first step. Determine whether your company falls under the directive’s scope by assessing your societal role and the criticality of your services. This involves evaluating if all or just parts of your business are affected and how they align with the NIS2 criteria.
Implement ISO 27001
Using ISO 27001 as a foundational cybersecurity framework can help your organization comply with many NIS2 requirements. ISO 27001 provides a comprehensive set of controls for managing information security risks, which is well-aligned with NIS2’s focus on organization resilience. However, NIS2 introduces additional requirements, beyond ISO 27001, including incident reporting within 24 hours and supply chain security measures.
According to the European Union Agency for Cybersecurity (ENISA), while ISO 27001 provides a solid baseline, it must be supplemented with additional measures to fully comply with NIS2 standards.
Ensure senior management accountability
Senior management are now more accountable than ever for cybersecurity. Under NIS2, they could be personally liable for violations. This means they must have a robust approach to cybersecurity in their organizations and allocate the necessary resources. The EU underscores the importance of leadership commitment in achieving compliance and enhancing the organization’s cybersecurity posture. This involves ensuring that senior leaders are engaged, informed, and proactive about risks and mitigation strategies.
Business continuity planning
NIS2 places emphasis on business continuity planning for ICT systems. Organizations must have plans in place to maintain operations during cyber incidents, particularly for critical functions such as video communication. Effective business continuity planning means that essential services can continue without significant disruption. The NIS2 directive mandates that organizations be prepared to both handle and recover from ICT service disruptions, ensuring greater resilience and minimal productivity losses during an attack.
Your roadmap to a robust cybersecurity posture
With NIS2, organizations are encouraged to be even more proactive when it comes to cybersecurity, moving beyond basic compliance and into strategic risk management. With this comes regular risk assessments, continuous monitoring of threats, and the implementation of advanced security measures. NIS2 also stresses the importance of collaboration between organizations and national authorities to enhance resilience. According to ENISA, by fostering a culture of security awareness and implementing best practices, organizations can better protect themselves against evolving cyber threats.
Get started on your business continuity planning. We’re here to help you ensure video communication and collaboration no matter what. Find out more here.
- Meet & collaborate securely
- Secure Meetings
- Business Continuity
%20header.jpg?width=500&name=Secure%20meetings%20Pillarpage%20(primary%20solition)%20header.jpg)