In 2024, estimates show that 150,000 businesses will be affected by the NIS2 Directive.
The NIS2 Directive, also known as the new version of the Network and Information Security Directive, is a European directive aimed at strengthening cybersecurity in the European Union. The Directive is designed to help organisations protect themselves against cyber threats and to ensure that the EU’s cyber infrastructure is more secure and robust. Now that the directive has finally been officially published, member states have until October 2024 to integrate the provisions of the directive into local legislation.
Many businesses in Europe will be affected by NIS2, and here are some of the new security measures:
- Cybersecurity risk assessments and security policies for information systems
- Policies and procedures for evaluating the effectiveness of security measures.
- Policies and procedures for the use of cryptography and, when relevant, encryption.
- A plan for handling security incidents
- Security around the procurement of systems and the development and operation of systems. This means having policies for handling and reporting vulnerabilities.
- Cybersecurity training and a practice for basic computer hygiene.
- Security procedures for employees with access to sensitive or important data, including policies for data access. Affected organizations must also have an overview of all relevant assets and ensure that they are properly utilized and handled.
- A plan for managing business operations during and after a security incident. This means that backups must be up to date. There must also be a plan for ensuring access to IT systems and their operating functions during and after a security incident.
- The use of multi-factor authentication, continuous authentication solutions, voice, video, and text encryption, and encrypted internal emergency communication, when appropriate.
- Security around supply chains and the relationship between the company and its direct suppliers. Companies must choose security measures that fit the vulnerabilities of each direct supplier, and then assess the overall security level for all suppliers.