Critical sectors such as transport, energy, healthcare, and finance are increasingly dependent on digital technologies to operate their core businesses. While digitalization offers enormous opportunities and solutions to many of these challenges, it also exposes businesses and society to cyber threats. Cyberattacks and crime are increasing in number and complexity across Europe. This trend is set to intensify in the future, with 22.3 billion devices worldwide expect to be connect to the Internet of Things by 2024 (more information on how the European Union (EU) plans to address cyber threats can be found here Directive: Strengthening cybersecurity.
Protection of network and information systems (NIS) Directive: Strengthening cybersecurity
Four years after its implementation, an NIS Investments report (NIS Investments report, published in December 2020) by the European Union Agency for Cybersecurity (ENISA) examined how cybersecurity spending has changed since then, based on a survey of 251 operators of essential services (OES) and digital service providers (DSPs) from France, brazil business fax list Germany, Italy, Spain, and Poland. The survey found that 82% of OES and DSPs believe the NIS Directive has had a positive impact. However, investment gaps remain, and when comparing EU and US organizations, the data shows that EU organizations spend, on average, 41% less on cybersecurity than US organizations.
NIS 2
The new directive, called “NIS 2,” replaces the current NIS Directive and was adopte by the Council of the EU and the European Parliament in November 2022 (see press release of November 28, 2022 ). The NIS 2 Directive was publish in the Official Journal of the EU on December 27, 2022 , avoid the pitfalls of spam link building and will enter into force on January 16, 2023. Member States then have 21 months to implement it into national law.
The NIS 2 Directive defines eighteen sectors (eleven “essential” sectors and seven “important” sectors. Some of which overlap with, but some of which extend beyond, the German KRITIS (critical infrastructure) sectors and UBI .
The text also clarifies that the directive does not apply to entities carrying out activities in areas such as defense or national security, public safety, and law enforcement. Judiciaries, parliaments, and central banks are also excluded from the scope. However, NIS 2 will also apply to public administrations at central and regional levels.
NIS 2 aims to promote a more effective risk and incident management system and increased cooperation between countries.
Reporting of security breaches
Essential and important entities must report significant. Security breaches to the National Computer Security Incident. Response Team (CSIRT) network following a multi-stage process. The first notification should be made within 24 hours, botswana business directory followed by a . Second notification with an analysis of the incident within 72 hours of. Becoming aware of a significant incident (Article 23(4)).