Are you a manager or decision-maker? Then this blog post is relevant to you. I recently attended a course on the NIS2 directive (Network and Information Security), and here is a concise overview of the key points you, as a manager, should be aware of.
What is NIS2?
NIS2 (Directive (EU) 2022/2555) replaces the original NIS Directive from 2016, and its main goal is to raise the common level of cybersecurity across the EU. The directive applies to more sectors than before and introduces stricter requirements for risk management, supply chain security, cooperation between member states and incident reporting.
The objectives of the NIS2 Directive
- Cyber-resilient systems: Build and maintain resilient systems that can withstand and recover from threats.
- Resilient value chain: Strengthen the security of the value chain across different industries, including direct suppliers and service providers.
- Joint situational awareness: Create a common capability for the effective management of cyber threats across organizations and member states.
Key requirements and changes in NIS2
- Expanded scope: NIS2 covers more sectors than before, such as digital infrastructure, energy, transport, health, banking and financial market infrastructure, public administration and ICT service management. Entities are classified as either "essential" or "important", which determines the level of supervision and the maximum fines.
- Risk-based approach: Organizations must implement appropriate technical, operational and organizational measures to prevent, detect and respond to security incidents, proportionate to their specific risks. Article 21 sets a minimum list of measures, including policies for risk analysis and information system security, incident handling, business continuity and backup, supply chain security, secure acquisition and development of systems including vulnerability handling, cyber hygiene and training, cryptography, access control and asset management, and the use of multi-factor authentication and secure communications where appropriate.
- Supply chain security: Organizations must address the security of their supply chain, including the relationship with each direct supplier and service provider. In practice this means contracts with suppliers that specify concrete security requirements, reporting obligations and the right to verify that they are met.
- Reporting requirements: Significant incidents must be reported in stages to the national CSIRT or competent authority: an early warning within 24 hours of becoming aware of the incident, an incident notification within 72 hours with an initial assessment of severity, impact and indicators of compromise, and a final report within one month. Note that the clock starts when the organization becomes aware of the incident, so detection and internal escalation must be fast enough to meet it.
- Management responsibility: The management body must approve the cybersecurity risk-management measures, oversee their implementation and can be held personally liable for breaches. Members of management are required to undergo cybersecurity training themselves and to ensure that employees are trained.
- Sanctions: Violations can result in administrative fines of up to EUR 10 million or 2% of global annual turnover for essential entities, and up to EUR 7 million or 1.4% of global annual turnover for important entities, whichever is higher, in addition to orders, audits and in serious cases a temporary ban on management functions.
Toolbox for NIS2
To meet the requirements of NIS2, recognized frameworks are becoming increasingly important. Frameworks such as ISO/IEC 27001, the CIS Controls and the basic principles for ICT security from NSM (the Norwegian National Security Authority) provide a structured approach to:
- Risk management
- Implementation of security measures
- Continuous improvement
None of these frameworks is mandated by the directive, and certification alone does not prove compliance, but working systematically with one of them and mapping its controls to the measures in Article 21 gives you a documented basis for showing that the requirements are met.
As a manager, what should you do now?
1. Work with a recognized framework such as ISO/IEC 27001: Map its controls to the NIS2 requirements and keep the documentation that shows which measures are in place and why.
2. Establish good processes: Prioritize risk management, preparedness and incident management, including clear criteria for what counts as a significant incident and who is responsible for reporting it within the deadlines.
3. Exercise regularly: Conduct exercises to test and improve security preparedness, and use them to verify that the 24-hour and 72-hour reporting steps actually work in practice.
The NIS2 directive is an important milestone for cybersecurity in Europe. For you as a leader, this is an opportunity to build a more robust, resilient and secure business - and to be better prepared for future challenges.
Are you ready to take action? Start today and take your business security to the next level!