Navigating Cyber Compliance: Preparing for NIS2
Join our CyberConnect Roundtable Series
Are you wondering how the NIS2 Directive will impact your business? Join us for a roundtable discussion that will shed light on what the Directive covers, how you can prepare, and what remains unknown about its implementation.
Due to the high level of demand for our September roundtable, Hunt & Hackett is pleased to announce another session dedicated to the NIS2 Directive on October 26. This session will follow the same format as the September discussion.
Interested in the topic, but can't attend in October? Register for one of our upcoming CyberConnect roundtables.
- 15:00 – 15:30
- 15:30 – 16:00
Francisco Dominguez, Hunt & Hackett's Research and Innovation Lead, will give an overview of the changes that are expected under the NIS2 Directive.
- 16:00 – 17:00
Event host, Marcel van Oirschot, will lead a group discussion. We will go through any concerns, challenges, or learnings you would like to share about the Directive's arrival and implementation. This is also a great opportunity to glean insights from Hunt & Hackett's security experts.
- 17:00 – 17:30
We will conclude the session with some key takeaways and recommendations.
- 17:30 – 18:00
Preparing for NIS2
How can you ensure compliance?
The second Network and Information Systems Directive (NIS2) came into force in January 2023. This new legislation follows and replaces the 2018 NIS Directive, broadening the scope of enterprises to which it applies. The Directive also introduces mandatory incident reporting requirements for companies falling under its scope. Its aim is to strengthen cybersecurity networks across a variety of sectors in the EU in a harmonised manner.
The most significant change that comes with the implementation of NIS2 relates to the scope of sectors deemed “critical” in the EU. Under the previous NIS Directive, eight sectors were classified under “essential services”, and Member States were granted significant discretion in the classification of such services. Under NIS2, an expanded list of 11 sectors falls under “essential services”, and an additional seven sectors (deemed “important services”) are also subject to regulation. Organisations falling under the scope of NIS2 will need to implement 10 cybersecurity measures set out in the Directive. They will also face additional obligations related to incident reporting and supply chain security.
However, before you begin to implement new cybersecurity and risk management measures, keep in mind that they are only a portion of what NIS2 requires from you. The first step should be to examine the structure of your business and management, as the Directive’s incident response and reporting requirements may call for significant reorganisation of security monitoring, incident response, processes and infrastructure.
While some aspects of NIS2’s implementation remain ambiguous, you can already take steps to prepare. These include setting up an internal management group focused on compliance and investigating the cybersecurity training options available to you. Interested in learning more about how NIS2 may apply to your business? Read our detailed analysis at the link below.