Comply with European security requirements effectively
The deadline for transitioning from NIS to NIS2 is rapidly approaching, and it's crucial to act now. The European directive on network and information system security demands compliance with legislation by the end of 2024.
This can affect your organisation since NIS2 applies to a wider range of organisations and requires meeting stricter security requirements. Don't wait until it's too late - take the necessary steps to prepare for NIS2 compliance today.
Dirk de Goede, Security Solution Specialist at Insight, explains what the consequences can be for companies and organisations that fail to comply with NIS2 regulations.
In 2023, the European Union introduced the revised NIS Directive - NIS2 - to enhance network and system security across the EU and reduce the impact of cyber-attacks on society and the economy. NIS2 introduces stricter rules than its predecessor, including measures for cybersecurity risk management and incident reporting obligations.
Organisations that fall under the new NIS2 guidelines must comply with the new standard by October 17, 2024, emphasising the need to prepare for NIS2 Compliance promptly.
The NIS2 Directive applies to specific sectors, including energy, transport, banking, and more. To fall within the scope of the directive, your organisation must have at least 50 employees or an annual turnover of £8.7 million.
There are two categories of entities:
Category 1: Entities with a minimum of 250 employees and/or an annual turnover of £43 million and/or an annual balance sheet total of £36 million are regarded as "essential" and will face stricter supervision and enforcement.
Category 2: Entities with at least 50 employees and/or an annual turnover of £8.7 million are regarded as "important".
It's important to identify early on if your organisation falls under NIS2 and its entity classification. Take action now to ensure compliance with the NIS2 Directive.
The board's role is critical in ensuring compliance with risk management requirements. They must approve cybersecurity measures and oversee implementation, or risk personal liability.
Article 21 of the NIS2 Directive outlines essential cybersecurity measures to protect your network and information systems, including incident handling, business continuity and crisis management.
For organisations under the NIS2 Directive, supply chain security is crucial. This involves identifying vulnerabilities in vendors and service providers and evaluating their products and cybersecurity practices.
Essential entities must report significant incidents to the government's CSIRT within 24 hours and report the incident within 72 hours.
If your organisation falls under the NIS2 Directive, it's crucial to start preparations early as the implementation process can be time-consuming.
Benefits of partnering with Insight for NIS2 Compliance