Article

Category: Expertise strategy

What is NIS 2 and how should businesses prepare?

To mitigate rising cyberattacks, organisations must comply with stricter regulations, improve their cyber hygiene and adopt standards such as ISO/IEC 27001. NIS 2 is a pivotal directive designed to support these efforts.

The NIS 2 Directive has been dubbed the most comprehensive European cybersecurity directive to date, encompassing 15 sectors with stricter requirements around risk management and incident reporting, as well as greater financial penalties for non-compliant firms.

NIS 2 has been in force since 16 January 2023 and EU Member States have until 17 October 2024 to incorporate the directive into their national law and start holding businesses to account. With the daily reports of organisations experiencing costly and disruptive cyberattacks, not many businesses will be asking ‘why now?’.  


According to Forbes, more than 2,300 cyberattacks were recorded in 2023 involving more than 343 million victims, and the number of data breaches increased by 72% compared with 2021, which was the previous all-time record year for attacks.  


In response to this dramatic rise, NIS 2 will help to build organisational resilience and give regulators and governmental agencies additional muscle to monitor the threat of cyberattacks. A significant challenge for businesses, now just months away from this legislation, is the limited information available from public agencies, including the EU and Member States. Given the lack of guidance on how to prepare, here are some key steps that compliance teams can focus on.

How are regulators monitoring the rising threat of cyber hackers?

Among its requirements, NIS 2 imposes reporting obligations, information sharing rules, and the designation of single points of contact (SPOCs) and computer security incident response teams (CSIRTs).  

These measures will ultimately assist national and EU agencies in monitoring cyber threats and successful attacks. This will allow businesses from across the EU to learn from each other’s experiences, improve their respective cybersecurity and crisis management practices, and reduce the risk and potential impact of a cyberattack.

NIS 2 imposes a heightened level of accountability on the management body. While prison sentences are not explicitly mentioned as a repercussion for non-compliance, authorities are more likely to resort to other measures such as fines or, in extreme cases, sanctions that include restricting the right to manage companies.

How can compliance teams prepare for NIS 2?

Despite the limited guidance available, there is a lot of work for compliance teams to do.  

Firstly, they should carry out a mapping exercise with updated risk assessments and look at what existing controls and frameworks are in place within their organisation. As experts in guiding businesses through compliance, we find that employees working in the affected areas usually have a good understanding of what the challenges are and where the organisation should be making improvements.  

With this better understanding of the risk picture, teams should then prioritise actions and allocate resources based on the level of risk posed to an organisation.  

Basic cyber hygiene, awareness and training are areas that require a lot of work but are vital for resilience. Strong cyber hygiene can help prevent security breaches and stop cybercriminals from installing different types of malware and stealing personal information. Every employee needs to understand basic cyber hygiene practices and their role in protecting and maintaining the organisation’s IT systems and devices. This will facilitate quicker and more efficient incident response and provide immediate and effective defences against attacks.

If compliance teams have the time and capacity, implementing the controls of a standard like ISO/IEC 27001 would also be a worthwhile undertaking. We see a lot of new EU legislation encouraging organisations to become compliant through EU and international standards. This is the case for NIS 2, which addresses the use of such standards directly in Article 25.


Tips for compliance teams in the run up to NIS 2 

Due to our consultants’ extensive experience of meeting compliance requirements for a diverse client base, we are able to share some useful insights on how to tackle the challenges of complying with NIS 2 despite the limited guidance available: 

  1. When implementing new requirements, compliance teams should always review existing processes, controls or frameworks to build on what is already in place, rather than starting from the beginning.
  2. Working with third parties across the supply chain is always a key area of risk, particularly where the interaction spans multiple teams or departments, such as procurement, legal and compliance. It must be clear which teams or individuals own the responsibility for ensuring that a third party is living up to requirements and for carrying out the audits necessary to hold them accountable. Organisations should also engage in awareness training and upskilling to ensure that all controls and audits are being conducted properly.
  3. Risk assessments, and measuring where an organisation may be vulnerable, require a uniform approach and a suitably efficient system. External tools and expertise are a highly useful resource here.
  4. Most cyber incidents are still the result of human error and, therefore, general upskilling, awareness and training of staff are paramount. As AI and other technologies constantly evolve, so do the criminals, and the baseline understanding of employees needs to evolve with them. This need is highlighted within NIS 2.

emagine offers tailored cyber security training, with a particular focus on NIS 2.
