The NIS 2 (Network and Information Security) Directive is a regulation issued by the European Union to enhance cybersecurity and reduce vulnerabilities in critical infrastructures and essential services across the EU. It updates the previous NIS Directive (2016) with stricter requirements and a broader scope.
Key Points:
- Broadened Obligations: Applies to more businesses, including sectors like energy, transport, finance, and healthcare.
- Responsibility and Penalties: Companies must appoint cybersecurity officers and face significant fines for non-compliance.
- Enhanced Cooperation: Aims to improve collaboration among EU member states for large-scale cybersecurity incidents.
- Risk Management: Organizations must implement advanced technical and organizational measures to manage cybersecurity risks.
- Supply Chain Security: Imposes rules for assessing critical suppliers’ security and enforcing high standards throughout the supply chain.
- Essential Entities: Large companies with over 250 employees in strategic sectors like energy, transport, banking, financial infrastructures, water, and healthcare.
- Important Entities: Medium-sized companies with over 50 employees operating in significant but non-essential sectors, which still require appropriate security measures.
- Risk Management: Implement advanced measures for network security, incident management, encryption, and access control.
- Corporate Responsibility: Executives are accountable for cybersecurity management, policies, training, and compliance. Non-compliance can lead to sanctions, including criminal liability.
- Incident Reporting: Establish systems for promptly reporting cybersecurity incidents, including sending early warnings within 24 hours.
- Business Continuity: Develop strategies to ensure operational continuity during cyberattacks, including emergency management and system recovery plans.
Agger complies with NIS 2 by offering solutions for:
- Risk analysis and information security policies.
- Incident management and crisis recovery.
- Supply chain security and vulnerability management.
- Encryption and multifactor authentication.
October 17, 2024