More cyber attacks
The need to increase the cyber resilience of vital services is obvious. Over the past few years, we have seen an upward trend in the number of organisations facing cyber attacks. In addition, we also see an increase in the damage and lasting impact of a successful attack. The NIS2 directive was therefore created to safeguard the continuity and integrity of a number of vital sectors as well as their supply chains. The original NIS covered sectors such as energy, drinking water and banks. NIS2 drastically expands the list of vital sectors to include government services, food and managed service providers, among others.
EU Member States now have until 17 October 2024 to transpose its measures into national law. That sounds long, but for a law of this stature it is a reasonably short timeframe. NIS2 is a big step in the right direction when it comes to cybersecurity. However, it does take away a certain amount of freedom. Currently, the cybersecurity landscape among companies is very fragmented: companies choose for themselves to what extent they do something about cybersecurity, if anything. By implementing the directive, you take away this freedom, but you can be sure that parts of the infrastructure meet a common minimum security standard. Since comprehensive risk management is also part and parcel of NIS2, companies will have to put down in writing which measures were and were not taken to improve security.
The notification requirement will increase cyber resilience. In the current situation, as dictated by GDPR regulations, an organisation only has to report a data breach, but not, for example, a ransomware attack (which by now is in most cases also a data breach, due to double extortion schemes) or the exploitation of a vulnerability. This is going to change. With information about cyber attacks reported and shared more clearly and efficiently, companies will find it easier to learn from each other how to optimise their security.