Why NIS 2.0 represents an opportunity for companies

When does the directive apply in Germany and who is affected by it?

The German government plans to put the national law into force by October 2024. Experts assume an implementation period of at least 12 months; some trade publications speak of a maximum of 18 months. By the end of this period, all companies must have implemented the directive.

The NIS 2.0 Directive is applicable EU law and is aimed at all companies with headquarters within the European Union that have more than 50 employees or more than €10 million in annual turnover. This involves the following sectors:

  • Energy
  • Transport
  • Banking
  • Financial Market Infrastructure
  • Health
  • Drinking water
  • Wastewater
  • Digital Infrastructure
  • ICT Service Management (B2B)
  • Public administrations
  • Space
  • Postal and courier services
  • Waste Management
  • Manufacture, production and distribution of chemicals
  • Food production, processing and distribution
  • Manufacturing
  • Digital providers
  • Research

What does the new version of the directive mean for businesses?

One of the most important new features of NIS 2.0 is the expansion of its scope. While the original directive only affected critical infrastructure operators (CRITIS) such as utilities, transportation companies and hospitals, digital service providers and online marketplaces must now also comply with the directive’s requirements. This means that companies from all industries will have to invest more in cyber security in the future.

But instead of viewing NIS 2.0 as a burden, companies should see the directive as an opportunity to improve their cyber security. After all, cyber security is becoming increasingly important, especially in times of increasing digitalization and networking. A cyber attack can not only cause financial damage, but also permanently damage the trust of customers and business partners.

Where do you start with implementation?

Companies should therefore take the opportunity to invest in their cyber security and prepare for the specific requirements of NIS 2.0. This can be achieved by implementing measures such as encrypting data, using firewalls and intrusion detection systems, and training employees to avoid phishing attacks.

NIS 2.0 gives companies clear guidance on how to improve their cyber security. This includes, for example, the introduction of an information security management system (ISMS), which must be regularly checked for its effectiveness. In the future, companies will also have to report incidents that could lead to disruptions or failures of network and information systems.

What are the benefits of early implementation?

Timely implementation of policy requirements is essential for organizations looking to prepare for the rising threats of the modern business world. The benefits are felt across the board.

Protection from cyberattacks

Improved cybersecurity protects businesses from the effects of cyberattacks. You can protect against data loss, data tampering, financial damage, and loss of trust and reputation.

Greater customer trust

Customers trust companies that have a strong cybersecurity strategy. When companies improve their cybersecurity, they show their customers that they protect their data and respect their privacy.

Compliance with laws and regulations

Improved cybersecurity helps companies comply with laws and regulations that mandate the protection of data and information. In particular, with the NIS 2.0 directive, penalties and fines have been increased and, similar to the GDPR, can be up to EUR 10 million or 2% of annual turnover.

Improved business continuity

When companies improve their cybersecurity, they can also optimize their business continuity. A strong cybersecurity strategy enables companies to respond quickly to threats and still maintain their business processes.

Cost reduction

The cost of recovery from a cyberattack can be high. Improved cybersecurity can help reduce these costs by limiting the damage and minimizing the need for costly recovery.

Competitive Advantage

Improved cybersecurity can be a competitive advantage, as customers increasingly prefer companies that protect their data and information and view their cybersecurity strategy as trustworthy and secure.

EU-wide collaboration

Another advantage of NIS 2.0 is that it strengthens cooperation between companies and authorities. This is because in the event of a cyber attack, companies will in future not only have to inform the affected customers but also involve the relevant authorities. This will enable a better exchange of information, which can help prevent future attacks.

In summary, NIS 2.0 represents an opportunity for companies in all affected industries. Instead of viewing the directive as a burden, companies should use it as an opportunity to increase their resilience to cyber attacks and strengthen the trust of customers and business partners.
