What is the NIS2 directive?
The Network and Information Security (NIS) 2 Directive is a piece of legislation from the European Union. The NIS2 directive aims to enhance cybersecurity across member states, ensuring all companies and organizations adhere to common cybersecurity standards. The introduction of NIS2 will encourage better risk management, information sharing, incident management, and much more. Member states should adopt the NIS2 directive by October 2024.
Does the NIS2 directive apply to my company?
The NIS2 directive applies to a wide range of companies of different sizes and sectors. If you are a company of more than 50 people, we recommend checking to see if you have reached the thresholds needed to implement NIS2. Your company will either fall into the essential entities or important entities category.
We offer a free analysis to check if you need to implement NIS2. Fill in the form with the required information, and we will check against the criteria and return to you with the result!
What are the requirements for NIS2?
As part of implementing NIS2, your organization and top-level management need to commit to a list of requirements. Top-level management must provide adequate resources (budget and personnel), understand risks and how they are handled, remain informed about incidents and how they were handled, and enforce and take part in information security training. As an organization, you must register with authorities, implement risk management measures, and report incidents in time.
What happens if your company doesn’t comply with the NIS2 directive?
Failing to comply with the NIS2 directive will result in large fines. For essential entities, the fine will be a minimum of €10 million or 2% of the total worldwide annual turnover for the previous year, whichever is higher. For important entities, fines start at €7 million or 1.4% of the total worldwide annual turnover for the previous year, again with the higher amount being the fine.
Core areas where DIESEC can help with NIS2 implementation
DIESEC Consultants are ready to help you prepare for and comply with the NIS2 directive. As part of our package, we offer the following services:
- Carry out a risk assessment on your digital infrastructure
- Develop an incident response plan that fits your company's needs
- Put in place reporting and documentation mechanisms
Additionally, we offer combined service packages, in which we can bundle our penetration testing, SOCaaS, and Information Security training services to provide you with all the tools you need to remain NIS2 compliant.
Do you need support?
Do you have questions about our offer or an individual request?
Please do not hesitate to contact us.
We are looking forward to your message.