The NIS2 Directive is a new EU law that aims to improve the cybersecurity of organisations that provide essential or important services to society or the economy. It updates and expands the original NIS Directive from 2016, which only covered certain sectors and types of organisations. The NIS2 Directive covers more sectors, such as space, wastewater, food, and postal services, and introduces a new category of organisations called important entities, which include providers of public electronic communications networks or services, social networking services platforms, and data centre services.
The NIS2 Directive also sets higher standards for risk assessment and management, incident reporting, and cooperation between EU Member States. The NIS2 Directive is designed to enhance the resilience of networks and information systems and protect the personal data of EU citizens.
What is the scope?
The NIS2 Directive sets out a number of requirements for organisations to improve their cybersecurity, including:
- Risk assessment and management: Organisations must identify and evaluate the cybersecurity risks they face and implement appropriate security measures to prevent or mitigate them.
- Incident reporting: Organisations must notify their national cybersecurity authority of any significant cybersecurity incidents that affect their networks or information systems within 24 hours.
- Incident response: Organisations must have plans and procedures to respond to and recover from cybersecurity incidents as quickly and effectively as possible.
- Communication and cooperation: Organisations must share information and best practices with each other and with their national cybersecurity authority to enhance their cybersecurity capabilities and awareness.
- Security awareness and training: Organisations must ensure that their staff are trained and educated on how to protect themselves and their organisation from cyber threats and how to report any suspicious activity.
- Supply chain security: Organisations must assess and manage the cybersecurity risks posed by their suppliers and ensure that the products and services they use are secure and reliable.
- Resilience: Organisations must take steps to increase the resilience of their networks and information systems to withstand and recover from cyberattacks. This includes having backup systems, recovery plans, and security controls that are resistant to cyberattacks.
Why is NIS2 an opportunity?
Businesses should see the NIS2 Directive as an opportunity to improve their cybersecurity posture and gain a competitive edge in the digital market. It is not only a legal obligation, but also a strategic opportunity for businesses to strengthen their cybersecurity capabilities and position themselves as leaders in the digital economy.
- A clear and consistent framework for cybersecurity across the EU, reducing the complexity and cost of compliance.
- A higher level of trust and confidence from customers, partners, and regulators, enhancing their reputation and brand value.
- A lower risk of cyberattacks and disruptions, minimizing the potential losses and damages to their operations and assets.
- A greater awareness and preparedness for cyber threats, enabling them to respond quickly and effectively in case of incidents.
- A more innovative and resilient digital ecosystem, fostering collaboration and learning from best practices and experiences.
How we can help
- Risk Assessments: We help assess your storage, backup, disaster recovery, and proactive security posture.
- Incident Reporting: Incident reports in standard NIS2 format – helping you comply with the 24h NIS2 regulations – quickly.
- Incident Response: 24/7 access to an Incident Response Team (IRT) and Support team to resolve an incident quickly and minimize operational impact.
- Proactive Protection: Peace of mind when our experts monitor, analyze, and provide proactive alerts, empowering you to stay ahead of evolving threats and ensure data protection.
- Efficient Backup: Multi-level backup solutions from top vendors, complemented by our Proact Cloud Vault – a remote backup copy with immutability, air-gapping, and a testing sandbox.
- Fast Recovery: Recovery planning, from a technology and process perspective with RPO/RTO. Additionally, we offer a hot site option if required.