Preparing for the NIS2 Directive

The EU’s NIS Directive (Directive on security of network and information systems) was established to create a higher level of cybersecurity and resilience within organizations across the member states. It was updated in January 2023 to bring more organizations into scope.

Companies – including those not used to operating in such stringent regulatory environments – are now under pressure to establish compliance by 17 October 2024 or risk substantial financial penalties in the event of non-compliance at the time of breach.

In this Help Net Security video, Rob Robinson, Head of Telstra Purple, EMEA, discusses why a patchwork approach to compliance won’t work. Robinson works with many companies currently planning their routes to compliance and believes many companies covered under NIS2 are still broadly unprepared.

NIS2 improves the existing cyber security status across the EU in different ways:

• Creating the necessary cyber crisis management structure (CyCLONe)
• Increasing the level of harmonization regarding security requirements and reporting obligations
• Encouraging member states to introduce new areas of interest such as supply chain, vulnerability management, core internet, and cyber hygiene to their national cybersecurity strategies
• Bringing novel ideas such as peer reviews for enhancing collaboration and knowledge sharing amongst the Member States
• Covering a larger share of the economy and society by including more sectors means that more entities are obliged to take measures to increase their level of cybersecurity.