New cybersecurity regulation
The NIS2 (Network and Information Systems) Directive is a European Union regulation that aims to improve the cybersecurity of critical infrastructure and digital services.
The directive establishes a common level of network and information security across the EU, requiring operators of essential services and digital service providers to take measures to prevent and mitigate the impact of cyber incidents.
The NIS2 Directive also introduces new reporting requirements for incidents that have a significant impact on the continuity of essential services.
The goal of the directive is to enhance the resilience of the EU's critical infrastructure and increase the overall level of cybersecurity across the region.
Five important tasks that companies must carry out under the NIS2 Directive
- Conduct a risk assessment: Companies must assess the risks to the security of their network and information systems and identify potential vulnerabilities.
- Implement security measures: Based on the risk assessment, companies must implement appropriate security measures to prevent and mitigate the impact of cyber incidents.
- Report incidents: Companies must report any incidents that have a significant impact on the continuity of essential services to the relevant national authority.
- Establish incident response plans: Companies must have a plan in place to respond to and recover from cyber incidents, including procedures for notifying affected users and addressing the root cause of the incident.
- Ensure supply chain security: Companies must ensure the security of their supply chain, including any third-party service providers, and implement appropriate measures to prevent unauthorized access to their network and information systems.