
What is NIS 2 and how should businesses prepare?

To mitigate rising cyberattacks, organisations must comply with stricter regulations, improve cyber hygiene, and adopt standards like ISO/IEC 27001. NIS 2 is a pivotal directive designed to support these efforts.

The NIS 2 Directive has been dubbed the most comprehensive European cybersecurity directive to date, encompassing 15 sectors with stricter requirements around risk management and incident reporting, as well as greater financial penalties for non-compliant firms.  


NIS 2 has been in force since 16 January 2023 and EU Member States have until 17 October 2024 to incorporate the directive into their national law and start holding businesses to account. With the daily reports of organisations experiencing costly and disruptive cyberattacks, not many businesses will be asking ‘why now?’.  


According to Forbes, more than 2,300 cyberattacks were recorded in 2023 involving more than 343 million victims, and the number of data breaches increased by 72% compared with 2021, which was the previous all-time record year for attacks.  


In response to this dramatic rise, NIS 2 will help to build organisational resilience and give regulators and governmental agencies additional muscle to monitor the threat of cyberattacks. A significant challenge for businesses just months away from this legislation is the limited information available from public agencies, including the EU and Member States. With the lack of guidance on how to prepare, here are some key steps that compliance teams can focus on.

How are regulators monitoring the rising threat of cyber hackers?

Among its requirements, NIS 2 imposes reporting obligations, information sharing rules, and the designation of single points of contact (SPOCs) and computer security incident response teams (CSIRTs).  

These measures will ultimately help national and EU agencies monitor cyber threats and successful attacks. Businesses across the EU will be able to learn from each other’s experiences, improve their cybersecurity and crisis management practices, and reduce the risk and potential impact of a cyberattack.

NIS 2 imposes a heightened level of accountability on the management body. While prison sentences are not explicitly mentioned as a repercussion for non-compliance, authorities are more likely to resort to alternative measures such as fines or, in extreme cases, possible sanctions including restricting the right to manage companies. 


 


 


How can compliance teams prepare for NIS 2?

Despite the limited guidance available, there is a lot of work for compliance teams to do.  

Firstly, they should carry out a mapping exercise with updated risk assessments and look at what existing controls and frameworks are in place within their organisation. As experts in guiding businesses through compliance, we find that employees working in the affected areas usually have a good understanding of what the challenges are and where the organisation should be making improvements.  

With this better understanding of the risk picture, teams should then prioritise actions and allocate resources based on the level of risk posed to an organisation.  

Basic cyber hygiene, awareness and training are areas that require a lot of work but are vital for resilience. Strong cyber hygiene can help prevent security breaches and stop cybercriminals from installing different types of malware and stealing personal information. Every employee needs to understand basic cyber hygiene practices and their role in protecting and maintaining the organisation’s IT systems and devices. This will facilitate quicker and more efficient incident responses and provide immediate and effective defences against attacks.

If compliance teams have the time and capacity, implementing the controls of a standard like ISO/IEC 27001 would also be a worthwhile undertaking. We see a lot of new EU legislation encourage organisations to become compliant through EU and international standards. This is the case for NIS 2, where the use of such standards is directly mentioned in Article 25.


Tips for compliance teams in the run-up to NIS 2

Due to our consultants’ extensive experience of meeting compliance requirements for a diverse client base, we are able to share some useful insights on how to tackle the challenges of complying with NIS 2 despite the limited guidance available: 

  1. When implementing new requirements, compliance teams should always review existing processes, controls or frameworks to build on what is already in place, rather than start from the beginning. 
  2. Working with third parties across the supply chain is always a key area of risk, particularly where the interaction falls across multiple teams or departments – such as procurement, legal and compliance. It must be clear which teams or individuals have ownership over ensuring that a third party is living up to requirements and carrying out necessary audits to hold them accountable. Organisations should also engage in awareness training and upskilling to ensure that all controls and audits are being conducted properly. 
  3. Risk assessments and measuring where an organisation may be vulnerable require a uniform approach and a suitably efficient system. External tools and expertise are a highly useful resource.
  4. Most cyber incidents are still the result of human error and, therefore, general upskilling, awareness and training of staff is paramount. With AI and other technological developments constantly evolving, so are the criminals, and the baseline understanding of employees needs to evolve with them as well. This need is highlighted within NIS 2.

emagine offers tailored cyber security training, with a particular focus on NIS 2.
