What tough new cyber regulations mean for big business


Oscar Wong | Moment | Getty Images

Companies could face hefty fines or even suspensions of service in the European Union under strict new cybersecurity regulations set to come into force next month.

The EU’s NIS 2 cybersecurity directive will on Oct. 17 become enforceable by member states. That means firms will have to ensure their operations are up to scratch with obligations set out by the new law.

The rules impose tougher requirements on companies around their internal cyber resilience strategy and internal practices.

CNBC runs through all you need to know about NIS 2 — from what the law requires to the potential penalties businesses could face for violations.

What is NIS 2?

NIS 2, which stands for Network and Information Security Directive 2, is an EU directive that aims to increase the security of IT systems and networks across the bloc. Introduced in 2020, the law serves as an update to an earlier directive simply called NIS.

NIS 2 expands the scope of its predecessor to address more recent cybersecurity challenges and threats that have emerged as criminals have found new ways to hack companies and compromise their sensitive data.

The directive applies to organizations that operate within the EU and provide essential services to consumers, including banks, energy suppliers, health care institutions, internet providers, transport firms, and waste processors.

The main areas it will address are risk management, corporate accountability, reporting obligations, and business continuity planning in the event of a cyber breach.

Geert van der Linden, executive vice president of global cybersecurity services at Capgemini, told CNBC that NIS 2 has effectively set a new baseline for companies on what’s acceptable to protect citizens, maintain operations and remain resilient in the face of cyberattacks.

“NIS 2 will be seen as a global standard by judges” when it becomes enforceable, Van der Linden added. “For our clients, regardless of whether they are seen as essential or important in the regulation, they have to look at that baseline and make sure they are compliant.”

By meeting this baseline, companies will effectively protect themselves against claims, Van der Linden added. He compared it to taking out home insurance to protect your house from burglars.

“Where do the burglars go? It’s always the least protected house. They open every door to see where can they get in,” he said. The same is becoming true for companies looking to protect themselves from cyberattacks, Van der Linden added.

Under NIS 2, firms will also have to vet their digital supply chains for cyber threats and vulnerabilities. Companies rely on many different products and tools every day, each of which gives criminals another potential avenue of attack.

Chris Gow, head of Cisco’s EU public policy team, told CNBC that a “mapping exercise” will take place under NIS 2 where companies have to scan their tech vendors to evaluate any potential risks.

Businesses will also have a “duty of care” to report and…
