Worried about NIS2? This is how we will succeed together

The cyber threat environment is constantly evolving. NIS2, Network and Information Systems Directive 2, is the European Union’s response to make sure that citizens, businesses, and organizations alike are protected against the threats as well as possible. The directive, which will take effect on 17 October, directly affects mid-size and large organizations in the EU across sectors classified as “essential”, such as energy, waste and water companies, digital infrastructure and providers, transport and postal services, production of chemicals and food, and public administration.

A recent study by Microsoft and IDC Research reveals that while most organizations understand NIS2’s objectives and associated costs, only 14% are fully prepared for it, and 9% have not even started preparing for NIS2 yet. However, a challenge shared by all organizations is the tight timeline of the compliance requirements.

From cybersecurity training to risk analysis, NIS2 sets new obligations

In practice, NIS2 sets certain cybersecurity and risk management obligations for organizations, the most important of which include:

• Risk analysis and information system security policies: Organizations must carry out risk analyses and establish information system security policies, for instance, for cybersecurity incident management and business recovery.
• Supply chain security assessments: Businesses must understand and assess the security of their supply chain, including relationships between suppliers and service providers in the procurement chain.

• Cybersecurity training: Organizations must offer cybersecurity training to their employees and document cyber hygiene practices.
• Encryption methods: Businesses must implement encryption methods and document the policies and procedures related to their use.
• Identity and access management: Businesses must ensure procedures related to access management, as well as general security. This can include the use of multi-factor authentication (MFA) or continuous authentication solutions.

By implementing advanced security features, you can detect threats and respond to them before they cause damage. Identity and access management ensure that only authorized individuals have access to sensitive information and systems. Cloud-based applications provide the most secure and reliable platform for managing and protecting data and systems.

Inside your organization, we encourage you to involve the leadership team and the Board of Directors to be part of the NIS2 compliance process and communicate clearly what NIS2 means for the organization. Your NIS2 project team should have versatile competencies and consist of CISO, CIO, legal, and compliance leaders due to the various aspects of the incoming directive.

To support you on your NIS2 journey, cybersecurity experts at Microsoft and our partners are ready to evaluate your current situation and design a new cybersecurity plan that matches your needs. Together, we are able to provide services that protect your systems and data with industry-leading solutions, in line with Zero Trust principles. With good cooperation and modern solutions that fulfil the most recent requirements, we want to ensure peace of mind for cyber experts.