How to deal with new cybersecurity legislation

This year, a number of companies from different industries will be affected by new legislation and regulations related to cybersecurity. NIS2, the EU's updated security directive aimed at raising the overall level of cybersecurity across the Union, is one of them. Despite the fact that NIS2 raises the requirements for how companies work with cybersecurity, many are unaware of whether they are covered by the regulations, what they mean and how to implement them in their business. 

NIS2 is designed to increase your organisation's ability to resist and respond to cyberattacks. Whether or not your organisation is covered by NIS2, there is a lot of best practice to draw on to work more proactively and strategically on cybersecurity across your business.

"Among those who are aware of what NIS2 means, many believe that the legislation will make a positive contribution to cybersecurity work and to digitalisation in general. NIS2 is a good basis for starting or continuing the work on strategic security in the organisation, both at management level and in technical solutions and the internal culture," says Johnny Eriksson at Nordlo.

However, according to Radar, 74% of Swedish companies believe that their business lacks sufficient expertise in NIS2, and 4 out of 10 do not believe they will be ready when the directive comes into force on 17 October 2024.

These are the demands NIS2 places on businesses:

Make cybersecurity a management issue

When organisations are breached, it is not just individual applications that are affected, but entire businesses. So it is no wonder that the updated NIS2 Directive increases the requirements for risk analysis, security measures and the active involvement of management in the organisation's cybersecurity efforts. This means that cybersecurity can no longer be seen as just an IT issue, but as a business risk to be managed at a strategic level within the organisation.

Therefore, it is important that the management team is well aware of what NIS2 means for your security work and what changes must be made to fulfil the regulatory requirements. Cybersecurity is a business strategy issue that should be a standing item both in the quarterly reviews with your IT partner and at management team and board meetings. The goal is for cybersecurity to be an integral part of everything you do as a business, not an isolated function of the IT department.

One of the biggest risks of not complying with NIS2 is clearly financial. On the one hand, there are sanctions if the company fails to comply. On the other hand, there is also the direct financial loss that a security incident entails. Investing in your cybersecurity does not drive increased profitability per se, but it does reduce the risk of losing profitability due to an incident, both in terms of business interruption and brand damage.

Secure your current situation and look ahead

Using NIS2 as a best practice will strengthen your protection against attacks while creating a secure and resilient organisation. Start by taking stock of your current situation to identify your weaknesses, and then address them.

Information security is one of the cornerstones of the Security Directive and is crucial for a robust, proactive security programme. Time is a scarce commodity once a breach occurs, which makes prevention an invaluable part of your cyber defence. In addition to keeping track of your information assets, how they are stored and what level of security they should have, this also means:

  • Identify and document risks and vulnerabilities. The risk analysis involves analysing your entire IT environment to identify vulnerabilities and data worthy of protection, and to address shortcomings in your cybersecurity.
  • Put the right security solutions in place. Ensure that your most critical systems, data and applications are protected and resilient according to the requirements defined by NIS2.
  • Develop a contingency and business continuity plan. What security solutions and measures are required to enable you to quickly restore critical functions and systems? Establish a contingency and business continuity plan to better control the impact of any incident and minimise the impact of disruption on your business.
  • Align employees. Users often represent a major risk. Train your staff on basic security principles and explain their role in the action plans in place. This is an important part of strengthening your security culture and increasing overall security awareness within your organisation.

What organisations with a high level of security maturity have in common is that they are much more likely to work continuously on prevention, training and compliance, and that they know where responsibilities lie when security incidents occur. Less security-mature organisations are more reactive in their approach to cybersecurity.

Contributing to security throughout the supply chain

A more secure supply chain is an important part of NIS2. This means that many organisations will be indirectly affected by the stricter security directive because they are suppliers to companies in the affected sectors. Suppliers may therefore be scrutinised by both customers and authorities when the directive comes into force.

This places demands on you as an affected company: you must have good knowledge of and insight into your supply chain in order to assess the overall security level of all your suppliers, not just of your own business.

Even if your business is not one of the companies directly covered by NIS2, the framework can still be used as best practice to address security issues in your organisation. All organisations will benefit from adopting the NIS2 recommendations.

Contact us at Nordlo for advice on technical solutions and strategies that will increase your compliance with new legislation such as NIS2.
