Don’t miss the last call to ensure your business is NIS2 compliant

Ensure your business meets the NIS2 deadline. Learn about the key effects and how our assessment can turn compliance into a strategic advantage.

If your business operates in or through the EU, you have a crucial cybersecurity milestone to meet this year. NIS2, the second iteration of Europe’s Network and Information Security directive, goes into effect on 17 October 2024. And with the summer holiday fast approaching, there is little time left to ensure you have the right cybersecurity safeguards in place. 

Failure to meet this deadline can lead to hefty fines. And that’s the least of your worries. But what has actually changed? Below, we spell out the key points of the directive and show you how you can go beyond compliance to ensure the highest levels of cybersecurity preparedness while minimizing disruptions to your core business activities.

NIS2 in a nutshell

NIS2 builds upon the original NIS directive, addressing the evolving threat landscape and ensuring that both technological safeguards and organizational processes are in place to strengthen cybersecurity. It introduces stricter requirements, a broader scope, and increased accountability that applies to every link in the supply chain. Key points include:

Expanded Scope

NIS2 covers more sectors than its predecessor, including healthcare, energy, transport, banking, financial market infrastructures, digital infrastructure, public administration, and space. It also encompasses digital service providers like online marketplaces, search engines, and social networking services.

Who is affected?

NIS2 affects a broad range of sectors, from manufacturing to e-commerce and services organizations. Since it aims to protect entire supply chains, end-to-end, this means that regardless of your industry, you are likely subject to the directive. Even small and medium-sized enterprises (SMEs) are not exempt if they operate in critical sectors. Here’s an at-a-glance summary of affected organizations.

Essential sectors

  • Energy
  • Transport
  • Banking
  • Financial market infrastructure
  • Healthcare
  • Potable water
  • Digital infrastructure
  • ICT service providers
  • Wastewater
  • Government Services
  • Space Exploration

Important sectors

  • Digital providers
  • Postal and courier services
  • Waste management
  • Food
  • Chemicals
  • Research
  • Manufacturing

Qualifying criteria (essential sectors): minimum 250 employees, or annual turnover exceeding €50 million AND a total balance sheet exceeding €43 million.

Qualifying criteria (important sectors): minimum 50 employees, or annual turnover and balance sheet exceeding €10 million.

What happens if my business is not compliant?

The stakes for non-compliance with NIS2 are high, both in terms of financial penalties and operational impacts.

In 2023, T-Mobile experienced a ransomware attack that disrupted operations and resulted in significant financial losses and compromised personal information of 37 million people. Attackers have squeezed millions of euros from major companies in this manner, and even when ransoms are unsuccessful, the financial and reputational damage can linger for years.

These attacks are increasingly directed at smaller companies, as in the case of G&J Pepsi, a small, independently owned bottling company in the beverage giant’s supply chain. A cyberattack in 2021 temporarily shut down their entire operation and threatened to bankrupt the company, all because of a few days’ gap in updating their cybersecurity systems. Such incidents highlight the real-world risks businesses face when cybersecurity measures are inadequate.

Even if nothing goes wrong, non-compliance can result in substantial fines. Penalties from EU regulatory bodies can reach up to 10 million euros or 2% of the global annual turnover.

Turning compliance into a business advantage

While achieving NIS2 compliance is mandatory, it also presents an opportunity to enhance your business operations and security posture. Here’s how:

  1. Enhanced Security

     Implementing NIS2 requirements helps strengthen your cybersecurity defenses, reducing the likelihood of successful attacks and minimizing potential damage.

  2. Improved Trust

     Robust, well-designed measures demonstrate a commitment to cybersecurity, helping you build trust with customers, partners, and stakeholders.

  3. Operational Resilience

     By adopting a risk management approach and improving incident response capabilities, your organization can better withstand and recover from cyber incidents, ensuring business continuity.

Adapt NIS2 to your business

Looking at cybersecurity as its own silo is a very limiting approach, especially when you divert your own IT resources to put the necessary measures in place. Instead, you can outsource the specialized skills required to execute this one-time event, saving your bandwidth to sustain your core-business activities.

HSO understands the organizational intricacies of businesses with a global footprint, and we apply a methodology that integrates cybersecurity into all aspects of your operations. This holistic approach helps create a robust and resilient security posture while ensuring that security measures are aligned with business goals and processes. In short, we are experts on the technologies, but business application and organizational alignment are central to our approach.

HSO also emphasizes the importance of scalable cybersecurity solutions that can grow with your business. This includes flexible risk management frameworks, adaptive incident response plans, and scalable security technologies that can be tailored to fit the eventual next round of NIS requirements.

Get started with a NIS2 Readiness Assessment... No strings attached

HSO can help you take the first step to ensuring you are NIS2 compliant. We conduct a thorough NIS2 Readiness Assessment to identify vulnerabilities and compliance gaps. Within two weeks, depending on the size of your business, we highlight the gaps so you can build a roadmap for achieving NIS2 compliance and enhancing overall security.

If you want to use your own resources, or an existing partner, to cover your gaps, you are free to do so. Otherwise, we can implement the measures to fit your business needs, putting more resources where they will benefit your business most and leaving you prepared to scale your cybersecurity infrastructure as new challenges arise.

Don’t wait until the last minute—start your journey to NIS2 compliance today and turn these regulatory requirements into a strategic advantage.
