NIS2 and the impact on your organization
The impact of NIS2 on businesses
The NIS2 Directive is an update of the NIS1 European Directive intended to increase investments in cybersecurity, improve the security of network and information systems, and reduce cybercrime in the European Union. This directive is being reworked into legislation for each EU member state.
What does NIS2 mean for Belgian & Dutch companies?
“Entities active in the defined sectors that had more than 50 employees or an annual turnover of more than 10 million euros in their last two financial years will need to comply with the provisions of the directive. NIS2 requires these companies to review and possibly strengthen their cybersecurity practices to meet the new requirements.”
Wider application
NIS2 covers more sectors than NIS1, including energy, transport, banking, health, and digital infrastructure.
Stricter security requirements
Companies must take technical and organizational measures to ensure the security of their network and information systems.
Obligation to report incidents
There is a stricter obligation to report security incidents, which means companies must report incidents more quickly and in more detail to the relevant national authorities.
Supervision and enforcement
The NIS2 Directive enhances supervision, enforcement, and penalties for non-compliance, with potentially higher fines for companies that do not follow the rules, up to 10 million euros, and even personal liability for directors.
Risk management
Companies must adopt a risk management approach, including regular security audits to manage and reduce their security risks.
Supply chain security
There is also a focus on securing the supply chain, where companies are expected to assess and manage the cybersecurity risks of their suppliers.
Agidens as an OT partner for NIS2 compliance
Risk analysis and evaluation
Conducting comprehensive risk analyses to determine where companies are vulnerable to cyberattacks and where improvements are needed to meet NIS2 standards.
Implementation of security measures
Advice and support in implementing the necessary technical and organizational measures to improve the security of network and information systems.
Compliance checks and audits
Audits to check whether a company’s existing security practices comply with NIS2 requirements, with detailed action points.
Incident management and response plans
Support in developing or improving incident management processes and response plans, so companies can respond quickly and effectively to security incidents, including a DRP (Disaster Recovery Plan) for OT systems.
Training and awareness
Training and awareness programs so that employees understand cybersecurity risks and know how to act in accordance with the NIS2 guidelines.
Supply chain
Advice on securing the supply chain, including assessment of the cybersecurity practices of suppliers and the implementation of measures to manage risks.
Continuous monitoring and maintenance
Support in developing continuous monitoring of network and information systems to detect threats, and assistance in keeping systems up to date with the latest security standards.
NIS2 COMPLIANT ON TIME?
Does your company provide essential services to consumers? Then you need to have your cybersecurity in order by October 17, 2024. Agidens is your OT partner to assess the current state of cybersecurity and ensure all requirements are met on time.