
NIS2

 Is your company prepared for the new era of cybersecurity?

The European Union has taken a decisive step in digital protection with the entry into force of the NIS 2 Directive — a more demanding legal framework that requires organizations considered critical to society, such as those in the water, energy, health, transportation, or telecommunications sectors, to strengthen their cybersecurity.

 

What is NIS2?

NIS stands for Network and Information Security. This new directive replaces the 2016 version, expanding its scope to more sectors and establishing stricter requirements regarding security, incident response, governance, and communication.

Why was an update necessary?
Reason 1 – The increased number of cyber threats
  • More sophisticated and frequent cyberattacks.
  • More complex threats, such as ransomware and attacks on critical infrastructures.
Reason 2 – Technological and societal changes
  • Greater digitalisation in all industries.
  • Greater need to protect sensitive data.
  • Greater dependence on emerging technologies such as IoT (Internet of Things), 5G and cloud computing.
Reason 3 – The original NIS doesn’t go far enough.
  • It doesn’t cover enough industries and services.
  • Security requirements vary between Member States.
  • The rules for reporting cyberattacks are neither clear nor uniform.
NIS vs NIS2 – What are the differences?
 

Industries covered

NIS – Primarily:
  • Providers of essential services
  • Providers of specific digital services

NIS2 – Includes a greater number of industries such as:
  • Health
  • Public administration
  • Providers of critical digital services

Security requirements

NIS – Varied and not very detailed

NIS2 – More stringent and detailed requirements, including:
  • Risk management
  • Prevention measures
  • Network and information systems security

Reporting cyberattacks

NIS – Reporting deadlines and processes are unclear

NIS2 – There are specific deadlines and procedures for reporting cyberattacks

 

 


What does your business need to do?

Implement security measures centred around:

  • Risk management
  • Protecting networks and information systems
  • Regular security audits and assessments

 

Define processes for responding to incidents:

  • Create action plans in the event of cyberattacks
  • Define communication channels for reporting cyber incidents
  • Train your team to identify, respond to and report these incidents