Since 2016, the European Union (EU) has been trying to unify legal standards and requirements for cybersecurity. Now, with the adoption of the Network and Information Security Directive (NIS2), these efforts reach their culmination.

The aim of the directive is to align cybersecurity best practices across countries and sectors and to fill in some of the gaps in the regulatory ecosystem.

The directive is so promising that even states outside the EU are working on adapting it into their respective legal frameworks.



The need for a unified approach

Although cybersecurity is high on organisations’ agendas, many don’t have the defences in place that regulators and governments now recommend and require.

At the same time, organisations are facing an increasing number of threats. For instance, research shows that in 2022, the number of cyberattacks in Europe rose by 26% compared to 2021.

Research from the EU sheds more light on the situation: 37% of Operators of Essential Services (OES) and digital service providers do not operate a Security Operations Centre. Additionally, the share of OES IT budgets dedicated to information security was lower in 2022 than in 2021, down to 6.7% from 7.7%.

NIS2 provides organisations with a list of measures to build robust cyber defences, helping them mitigate the risk of cyberattacks and ensure they know what to do when an attack happens.

These measures include:

  • Preparedness – this requires organisations to be appropriately equipped. For example, this includes having a Computer Security Incident Response Team and a competent national network and information systems authority.
  • Developing a proactive cybersecurity culture – developing this culture is crucial for sectors that are vital for the European economy and society and that rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.

Regulation will not be enough

Following regulations is not enough to prevent cyberattacks. Organisations need to invest in the right cybersecurity technologies and seek guidance from expert specialists, adopting a proactive security culture.

The channel opportunity

Any new regulation brings with it risks and rewards. For organisations, the risks of non-compliance are considerable. Once in place, fines can go up to €10 million or 2% of global annual revenue (for essential entities) or €7 million or 1.4% of global annual revenue (for important entities).

On top of this, management can be held personally liable over NIS2 failures, with regulators also having the power to potentially suspend operations.

The deadline for compliance is Autumn 2024. For the channel this brings opportunity, but organisations need to act now. Vendors, distributors and most importantly value-added resellers have the opportunity to offer advice and services that enable organisations to achieve compliance and ultimately strengthen their cybersecurity posture.

The channel has the opportunity to truly partner with CISOs to help sustainably strengthen cybersecurity and ensure that management teams fully understand the risks their organisations face.

How Infinigate can help

As a Cybersecurity Trusted Advisor and specialist in IT and Operational Technology (OT), Infinigate offer a large portfolio of cybersecurity solutions that can be deployed to achieve compliance with NIS2 regulations.

Additionally, our cybersecurity experts are on hand to support our channel partners in acquiring the necessary know-how to provide customers with holistic advice – from risk evaluation to mapping of NIS2 requirements and solution implementation.

For resellers who lack the necessary resources or prerequisites to offer service packages to their customers, Infinigate provides white label managed services that can be customised to suit local customers.

Find out more

To find out more about how Infinigate can support you in enabling your customers to achieve compliance and strengthen their cybersecurity posture, please contact us.

You can also download our NIS2 white paper.

Patrick Scholl

Patrick Scholl is Head of OT at Infinigate.

This article was originally published by Computer Weekly: NIS2: Why organisations need a unified cybersecurity standard | Microscope