NIS / NIS2 - What's that, I hear you say?
Well, the NIS (Network and Information Security) Directive was the first EU-wide law on cybersecurity, and it came into effect in 2016. Its aim was to achieve a higher and more even level of security of network and information systems across the EU (European Union).
Given the extensive growth in digitalisation since then, it was due for a refresh. Hence NIS2.
If you enjoy a feast of long sentences, striking data points and of course the obligatory set of exciting acronyms and abbreviations like TLA, which is itself an autological abbreviation (bet you didn’t know that), you can still read the detailed 12-page overview of NIS2 here. Anyway, enough of the FYI and the IDK — let's look at some of the key points of NIS2. Lol!
Let’s start with some startling data from the various research and surveys carried out by the NIS team.
‘In 2017, Cybersecurity Ventures forecast that global ransomware damage costs would reach US$20 billion by 2021, 57 times more than the amount in 2015.’
‘The global security market is currently worth around US$150 billion, a figure that many predict will rise to US$208 billion in 2023 and US$400 billion in 2026.’
‘Data shows that EU organisations allocate on average 41 % less to cybersecurity than their US counterparts.’
NIS2 – A Simple Breakdown
For those who like a shortened version, feel free to download this NIS2 factsheet.
I like to keep things simple, so my take is as follows:
1. This is a good advancement in setting out requirements for EU-based organisations to become more resilient to cyber threats in the coming years. It also clearly details the incident reporting rules and the consequences of failing to follow them.
2. Like the cyber security industry ecosystem, NIS2 is striving to enhance co-operation across the EU. The establishment of the European Cyber Crisis Liaison Organisation Network (EU-CyCLONe) to support coordinated management of large-scale cybersecurity incidents at EU level is welcome.
3. Strengthened security requirements and focused measures including:
- Incident response and crisis management
- Vulnerability handling and disclosure
- Policies and procedures to assess effectiveness of cybersecurity risk management measures
- Basic computer hygiene practices and cybersecurity training
- Effective use of cryptography
- Human resource security
- Access control policies and asset management
4. The number of sectors covered by NIS2 has expanded by eight, bringing the total to 15.
5. Timeline – Member states have until the end of 2025 to incorporate the NIS2 requirements into national law.
Summary of NIS2
Get ready to rumble!
- NIS2 compliance is important in Europe because it helps to ensure the security and resilience of critical information infrastructure, such as energy, transport and healthcare systems.
- By implementing the NIS2 directive, organizations can better protect themselves against cyberattacks, and contribute to the overall security of the EU's digital landscape.
- Failure to comply with NIS2 can result in financial penalties and reputational damage.
How Vectra AI helps you become NIS2 compliant
At Vectra, we want to make the world a safer and fairer place by erasing the unknown with the best Attack Signal Intelligence™ on the planet. We continue to focus our attention on three main deliverables that help organisations rapidly and efficiently detect and respond to cyber threats.
- Attack Signal Intelligence™ – Vectra AI (Artificial Intelligence) and its algorithms are at the heart of our offering.
- Security Operations Transformation – helping organisations to meet the challenges of today and tomorrow.
- Delivering a security platform that is easy to use, highly automated and integrates with cybersecurity ecosystem partners.
If you would like to learn more about how Vectra AI is delivering on our mission, check out the resources below.