Understanding the NIS2 Directive: Key Points for Your Business
The European Union’s NIS2 Directive, set for adoption by member states by October 17th 2024, aims to enhance cybersecurity across critical sectors. This directive supersedes the original NIS and introduces updated measures to combat cyber threats, ensure data protection, and improve incident response.
Why the Update?
The initial NIS guidelines helped bolster cybersecurity, but evolving cyber threats and recent attacks necessitated a more robust framework. NIS2 harmonises cybersecurity practices across the EU, reducing cross-border inconsistencies and enhancing overall protection.
Who’s Affected?
NIS2 impacts organisations in 12 sectors, including energy, transport, banking, healthcare, digital infrastructure, and more. Companies with over 50 employees or €10 million in turnover, as well as smaller critical entities, fall under its scope.
What Should Businesses Do?
- Implement Strong Encryption: Ensure robust encryption standards for data protection.
- Secure Supply Chains: Extend cybersecurity measures to partners and suppliers.
- Prepare for Incidents: Develop a comprehensive incident response plan.
- Ensure Business Continuity: Implement strategies for continued operation during disruptions.
- Share Information Securely: Collaborate and share threat intelligence safely.
- Promote Cyber Hygiene: Train employees on cybersecurity best practices.
- Maintain Access Control: Use stringent access control and asset management policies.
- Regular IT Maintenance: Keep systems updated with the latest security patches.
Tying in with CER
NIS2 works alongside the Critical Entities Resilience Directive (CER), focusing not only on cybersecurity but also on physical security and resilience against various threats.
Next Steps
Review and improve how your organisation handles data, ensuring employees are comfortable with new security measures. Investing in strong cybersecurity infrastructure and practices will not only help in compliance but also enhance overall operational efficiency and reputation.
For further details and tailored advice, consider consulting cybersecurity experts and utilising secure digital tools like safedrop.