NIS2 Legislation

What is it?

NIS2 is an EU directive that strengthens and expands cybersecurity requirements for essential and important entities, aimed at increasing cyber resilience.

Who is it for?

Not every company automatically falls under NIS2. Unfortunately, it is not easy to tell whether your company has to comply. Below we have created a handy checklist that shows at a glance whether you must comply or not.

What are the risks?

The fines are on the hefty side (up to €10 million or 2% of turnover), but the risks of a successful attack are of course many times higher.

From when?

The NIS2 directive has been applicable since January 16, 2023. Based on that directive, it is up to each EU member state to implement it before the end of October 2024. However, the provisions are already largely known, which allows companies to start preparing now.

What opportunities are there?

Companies with a sound strategy for information security, risk management, incident management and cyber awareness are (logically) much less susceptible to cyber attacks. These processes also provide greater control over the company's operations, which translates into more stable growth.

Tips

1. Don't wait to take action

The average lead time for an implementation is 6 months to a year, depending on the organization.

2. Use 80% templates and 20% organization-specific measures

We regularly see organizations that want to reinvent the wheel and are therefore never ready. There are many (free) standard templates available that do a large part of the work. Complete them with organization-specific measures.

3. Take steps towards cyber resilience, even if you don't have to comply

Even if you do not (yet) have to comply with NIS2, cyber resilience is more important than ever. "Prevention is better than cure" certainly applies here.

4. Call in external help in time

Are you still feeling overwhelmed after reading this checklist? Call in external help in time. Coincidentally or not, this is our specialty and we are happy to help your company take the necessary steps.
