NIS2: Why organisations need a unified cybersecurity standard
Computer Weekly – Patrick Scholl
The European Union has been working towards unified legal standards for cybersecurity since the original NIS Directive of 2016, and that effort has culminated in the adoption of its successor, the Network and Information Security Directive (NIS2).
The directive aims to align cybersecurity practice across member states and sectors and to close the regulatory gaps left by the first directive.
Its influence already extends beyond the EU: non-EU states are considering adapting it into their own legal frameworks.
Any new regulation brings with it risks and rewards.
For organisations, the risks of non-compliance are considerable.
Once the directive is transposed into national law, fines can reach €10 million or 2% of global annual turnover, whichever is higher, for essential entities, and €7 million or 1.4% of global annual turnover for important entities.
On top of this, management can be held personally liable for NIS2 failures, and regulators have the power to suspend certifications or authorisations and to temporarily bar senior managers from exercising managerial functions.
A unified approach is needed because the number of cyber threats faced by organisations keeps growing.
The number of cyberattacks in Europe rose by 26% in 2022 compared with the previous year.
Research also shows that a significant proportion of Operators of Essential Services (OES) and digital service providers have no Security Operations Centre, and that the share of IT budgets dedicated to information security has fallen.
NIS2 sets out a list of measures that organisations must implement to strengthen their cyber defences and reduce the risk of a successful attack; Article 21 of the directive lists minimum measures such as risk-analysis policies, incident handling, business continuity and supply-chain security.
In practice this means being prepared with the necessary resources, building a proactive cybersecurity culture, and complying with the regulations that apply to the organisation.
Compliance alone, however, does not prevent cyberattacks.
Organisations also need to invest in the right cybersecurity technologies and to seek expert guidance in order to adopt a genuinely proactive security culture.
Alongside the risk of fines and personal liability, the regulation also brings an opportunity for the channel: vendors, distributors and value-added resellers can offer the advice and services that help organisations achieve compliance and improve their cybersecurity posture.
The channel can partner with CISOs to strengthen cybersecurity sustainably and to ensure that management fully understands the risks their organisations face.
Member states had to transpose the directive into national law by 17 October 2024, so organisations need to act now.
Link: https://www.computerweekly.com/microscope/opinion/NIS2-Why-organisations-need-a-unified-cybersecurity-standard