NIS2 Directive
How to make your business cyber secure?
What is the NIS2 directive?
Directive (EU) 2022/2555, known as the NIS2 directive, builds on its predecessor, the NIS Directive.
NIS2 expands and strengthens the security and reporting obligations for a wider range of essential and digital service providers. It also describes the robust measures to protect all major sectors of the European economy from cyberthreats.
NIS2 isn’t just regulation: it’s a collective shield against the ever-growing cybersecurity dangers of the age we live in.
Why does NIS2 matter?
In the last few years, Europe has witnessed a significant increase in the number of cyberattacks and incidents. Think about ransomware, phishing and malware. All of these pose major challenges. Here are some numbers to highlight the impact and importance of a strong cybersecurity strategy:
- 59% of organizations were hit by ransomware last year
- 70% of cyberattacks resulted in data encryption: This means attackers locked critical information, potentially crippling your operations.
- In 32% of encrypted data cases, data was also stolen: Not only is access blocked, but confidential information could be leaked.
- 94% of attacks involved attempts to compromise backups: Backups are ineffective if they are not properly protected.
- Ransom demands averaged € 4 million (mean) and € 1.8 million (median): The financial burden of ransoms is substantial.
- Only 35% recover fully within a week, while 34% take over a month: Recovery times are lengthy and can disrupt business continuity.
That’s why the European Union has approved the NIS2 directive, to enhance, expand, strengthen and harmonize cybersecurity across Europe.
So let’s see the EU as a friend and not as an organization that forces more rules upon us. It just wants the best for us and wants to make the (digital) EU a better place!
Who needs to be compliant with NIS2?
NIS2 is designed for medium-sized (over 50 employees or an annual turnover exceeding 10 million euros) and large enterprises (over 250 employees or an annual turnover exceeding 50 million euros) operating within various critical sectors.
These include:
- Energy
- Transport
- Banking
- Financial market infrastructure
- Health
- Drinking water
- Waste water
- Digital infrastructure
- ICT service management
- Public administration
- Space
- Postal and courier services
- Waste management
- Manufacture, production and distribution of chemicals
- Production, processing and distribution of food
- Manufacturing
- Digital providers
- Research
Small businesses and micro-enterprises fall outside the scope of NIS2, unless they are deemed significant or essential by (Belgian) authorities.
To ensure clarity and prevent the ambiguities experienced with the initial version of NIS, the Directive meticulously details the specific requirements applicable to each sector. It also outlines several exceptions within these (sub)sectors, further refining the regulatory framework.
Not sure if your company needs to be compliant? Get in contact with one of our experts. We’re happy to be your co-pilot in this story.
The ACEN approach: your cybersecurity is like a car
Imagine your business as a car navigating and driving through the digital roads of the world wide web. Just like any car trip, ensuring a smooth and pleasant ride requires a few things. So to enforce a strong cybersecurity strategy and posture we prefer to rely on the CyberFundamentals Framework, created by the CCB.
Understanding the road & the risks: Knowing the potential hazards and vulnerabilities you might encounter.
Optimizing your car: Implementing robust cybersecurity measures to safeguard your systems and data.
Recognizing trouble lights: Having the ability to identify security incidents and anomalies.
Handling emergencies: Developing a plan to effectively respond to cyberattacks.
Getting back on track: Establishing procedures to restore systems and operations after a cyberattack.
Are you ready to take the driver’s seat?
ACEN is happy to be your co-pilot!
Get in contact with William, our cybersecurity advisor, for all your questions or to get started!
ACEN, your co-pilot in the NIS2 Directive
As in everything in life, knowing where you are at a current point and knowing where you want to go is crucial.
Before hitting the road, a car needs a thorough inspection and you, as the driver, need the know-how and skills to navigate the busy and crowded traffic.
Similarly, for a clear and effective cybersecurity posture (that is NIS2 compliant) we need to pop the hood of your organization.
We need to check where your organization stands right now, where you need to go and what you need to get to your destination safely!
How? With our Cybersecurity Assessment a.k.a. “Your car inspection”.