November 15, 2023 at 04:05PM
The European Union’s NIS2 Directive aims to enhance the security and resilience of network and information systems in the EU. Organizations operating within the EU must comply with the directive, which includes training and awareness, cybersecurity risk management measures, reporting obligations, and the use of EU certification schemes. Noncompliance can result in significant fines. It is recommended that organizations conduct a NIS2 readiness assessment and develop a roadmap to meet the requirements.
Key takeaways from the meeting notes:
1. The European Union’s NIS2 Directive aims to improve the security and resilience of network and information systems across the EU. It is already in effect, but EU member states have until October 2024 to transpose it into national law.
2. NIS2 applies to any organization operating within the EU and defines which services are considered essential, meaning those whose disruption can lead to grave consequences. This includes sectors such as energy, finance, healthcare, digital infrastructure, transportation, and food production.
3. Small companies are currently exempt from NIS2. The directive applies to organizations with an annual turnover of €10 million or more and 250 or more employees. Certain businesses in important categories will also need to follow the same security protocols as essential entities.
4. There are four key requirements under NIS2: training and awareness, cybersecurity risk management measures, reporting obligations, and the use of EU certification schemes.
5. Noncompliance with NIS2 can result in significant fines, with essential entities facing fines up to €10 million or 2% of annual global revenue, and important entities facing fines up to €7 million or 1.4% of revenue.
6. Organizations should consider conducting a NIS2 readiness assessment to identify their current state of cybersecurity and develop a roadmap for compliance. Nonprofits and vendors provide readiness assessment services.