ESET Technical Document: NIS2 – The Countdown is On

pts20240815007 Technology/Digitalization, Politics/Law

How CISOs Drive Awareness and Implementation Among Executives

Gina (pts007/08/15/2024/2:50 PM)

The German Federal Government has set the course for the national implementation of the NIS2 Directive. The Federal Cabinet has approved a draft law that now needs to be presented to Parliament. It is therefore time to address the requirements. The IT security manufacturer ESET has published a new white paper on the NIS2 Directive. “NIS2 – The Countdown Has Begun: How to Promote Awareness and Implementation among Managers” provides IT security managers with the right tools to communicate with management. You will receive useful tips on how to communicate policy implementation to management and enforce compliance. The white paper is Free to download available.

“NIS2 provides organizations with the opportunity to strengthen their cybersecurity strategies and increase their digital resilience,” explains Phil Moncaster, author of the white paper. “Leaders must recognize the value that comes from NIS2 compliance and take effective steps to protect their organizations.”

Expanded scope and higher penalties

The NIS2 Directive covers a wider range of sectors and introduces stricter security requirements. Companies must now implement ten mandatory basic security measures and report incidents within 24 hours. In the event of gross negligence, directors can be held personally liable. The penalties for companies can be severe: up to ten million euros or 2% of global annual turnover can be imposed for incidents occurring in important companies.

Finding the right words with management

The importance of cybersecurity to a company’s success is becoming increasingly apparent at the management level. CISOs must speak the language of business risks and use concrete examples to convince business leaders. In many cases, this is no easy task: out loud studies Only five percent of European managers have experience in IT security. The report therefore provides valuable advice on what communication with managing directors and board members could look like. From the right language and the right argument structure to risk analysis: IT security managers are given the right tools to convince company management.

Planning a NIS2 Compliance Program

“Finding the right words with management is the first step once a decision is made to fund the NIS2 compliance program, the project must be put into action,” Moncaster continued.

The White Paper therefore provides guidelines for planning such a programme. This includes conducting a CAP analysis, planning training and awareness-raising activities, and examining government assistance to fund compliance measures. Companies should view NIS2 compliance as an opportunity to accelerate their digital transformation and growth.

Conclusion: It's time to act.

The NIS2 Directive is designed to strengthen cyber resilience in the EU and require businesses to take appropriate security measures. CISOs must convince senior leadership of the importance of NIS2 compliance and ensure that the organization remains compliant. ESET’s white paper provides valuable insights and practical advice to help businesses on this journey.

You can find more information in the white paper “NIS2 – The Countdown is On: How to Boost Awareness and Implementation Among Managers”: www.eset.com/de/nis2/nis2-to-ceo

(end)