NIS2
The new EU cybersecurity legislation.
Is your organisation active in one of the industries classed as crucial for society? If so, you must comply with the new NIS 2 Directive, which is the new European Union cybersecurity legislation designed to better protect organisations from cyberattacks.
What is NIS2?
NIS stands for Network and Information Security and the directive focuses on critical companies such as those in the water and telecommunications industries. The European Union recently concluded that the 2016 Directive for the security of networks and information systems no longer cut the mustard and has therefore been working on the new and updated NIS2, which goes a step further by boosting security requirements across Europe to cover a greater number of industries.
Reason 1 – The increased number of cyber threats
- More sophisticated and frequent cyberattacks.
- More complex threats, such as ransomware and attacks on critical infrastructures.
Reason 2 – Technological and societal changes.
- Greater digitalisation in all industries.
- Greater need to protect sensitive data.
- Greater dependence on emerging technologies such as IoT (Internet of Things), 5G and cloud computing.
Reason 3 – The original NIS doesn’t go far enough.
- It doesn’t cover enough industries and services.
- Security requirements vary between Member States.
- The rules for reporting cyberattacks are neither clear nor uniform.
| | NIS | NIS2 |
| --- | --- | --- |
| Industries covered | Primarily: | Includes a greater number of industries such as: |
| Security requirements | Varied and not very detailed | More stringent and detailed requirements, including: |
| Reporting cyberattacks | Reporting deadlines and processes are unclear | There are specific deadlines and procedures for reporting cyberattacks |
- Essential industries.
- Critical digital services.
- New industries included.
- SMEs if they operate in one of the critical industries or provide essential services.
Implement security measures centred around:
- Risk management
- Protecting networks and information systems
- Regular security audits and assessments.
Define processes for responding to incidents:
- Create action plans in the event of cyberattacks
- Define communication channels for reporting cyber incidents
- Train your team to identify, respond to and report these incidents.
The transposition of the NIS 2 Directive into Portuguese law will be ready by mid-2025.*
This means that starting now will ensure that all the necessary changes are implemented on time.
- Consulting services. We’ll analyse the NIS2 requirements together to assess your needs and draw up action plans.
- Tailored security solutions. We design solutions to protect your networks, systems and data such as Secure IT XDR (Extended Detection & Response).
- Security audit and assessment. We assess the status quo of your business’s cybersecurity to identify vulnerabilities and areas for improvement.
- Cybersecurity training. We offer cybersecurity training and awareness programmes to make sure your employees are prepared.
- Secure software development. We develop secure software solutions that meet NIS2 security requirements and help you protect your systems and data.