March 16, 2023
The EU Network and Information Security (NIS) Directive has been in force since 2016 and aims to improve cyber security in Europe. In December 2020, the NIS Directive was updated and adopted as NIS 2.0. The new version brings some changes that affect companies in a wide range of industries. But instead of viewing the directive as a burden, companies should embrace it as an opportunity. We've put together the biggest benefits of timely implementation.
The German government plans to put the national law into force by October 2024. Experts assume an implementation period of at least 12 months; some trade publications speak of a maximum of 18 months. By the end of this period, all companies must have implemented the directive.
The NIS 2.0 Directive is applicable EU law and is aimed at all companies with headquarters within the European Union, with more than 50 employees or more than €10 million annual turnover. This involves the following sectors:
One of the most important new features of NIS 2.0 is the expansion of its scope. While the original directive only affected critical infrastructure operators (CRITIS) such as utilities, transportation companies and hospitals, digital service providers and online marketplaces must now also comply with the directive’s requirements. This means that companies from all industries will have to invest more in cyber security in the future.
But instead of viewing NIS 2.0 as a burden, companies should see the directive as an opportunity to improve their cyber security. After all, cyber security is becoming increasingly important, especially in times of increasing digitalization and networking. A cyber attack can not only cause financial damage, but also permanently damage the trust of customers and business partners.
Companies should therefore take the opportunity to invest in their cyber security and prepare for the specific requirements of NIS 2.0. This can be achieved by implementing measures such as encrypting data, using firewalls and intrusion detection systems, and training employees to avoid phishing attacks.
NIS 2.0 gives companies clear guidance on how to improve their cyber security. This includes, for example, the introduction of an information security management system (ISMS), which must be regularly checked for its effectiveness. In the future, companies will also have to report incidents that could lead to disruptions or failures of network and information systems.
Timely implementation of policy requirements is essential for organizations looking to prepare for the rising threats of the modern business world. The benefits are felt across the board.
Improved cybersecurity protects businesses from the effects of cyberattacks. You can protect against data loss, data tampering, financial damage, and loss of trust and reputation.
Customers trust companies that have a strong cybersecurity strategy. When companies improve their cybersecurity, they show their customers that they protect their data and respect their privacy.
Improved cybersecurity helps companies comply with laws and regulations that mandate the protection of data and information. In particular, with the NIS 2.0 directive, penalties and fines have been increased and, similar to the GDPR, can be up to EUR 10 million or 2% of annual turnover.
When companies improve their cybersecurity, they can also optimize their business continuity. A strong cybersecurity strategy enables companies to respond quickly to threats and still maintain their business processes.
The cost of recovery from a cyberattack can be high. Improved cybersecurity can help reduce these costs by limiting the damage and minimizing the need for costly recovery.
Improved cybersecurity can be a competitive advantage, as customers increasingly prefer companies that protect their data and information and view their cybersecurity strategy as trustworthy and secure.
Another advantage of NIS 2.0 is that it strengthens cooperation between companies and authorities. In the event of a cyber attack, companies will in the future have to not only inform the affected customers but also involve the relevant authorities. This will enable a better exchange of information, which can help prevent future attacks.
In summary, NIS 2.0 represents an opportunity for companies in all affected industries. Instead of viewing the directive as a burden, companies should use it as an opportunity to increase their resilience to cyber attacks and strengthen the trust of customers and business partners.