KPMG: New cybersecurity directive will affect about 7,000 companies and authorities

by CIJ News iDesk III
2023-11-27 12:32

The new European cyber security directive NIS2, which will come into force next year, will affect about 7,000 domestic companies and state institutions. This is 17 times more than the existing NIS1 directive regulates. A large number of companies and authorities are still not prepared for the new obligations, with around 70 percent of domestic organisations having problems with cyber security. This is according to data from consultancy firm KPMG.

According to the newly established NIS2READY alliance, the entities concerned have shortcomings in, for example, risk analysis or network segmentation. They will now have to monitor the cyber security of their suppliers as well. Among other things, regular employee training, prompt incident reporting and sharing of security reporting at corporate, national and European level will be required. Another important new feature is the need to use a European certification system for cybersecurity products.

Non-compliance with NIS2 carries fines of up to ten million euros, or two percent of global turnover, and penalties for top management.

"In many ways, NIS2 will be comparable to the revolutionary GDPR, which has tightened data protection across the board in the EU. Like GDPR, NIS2 talks about top management accountability, so future blunders will no longer be blamed on the security manager alone. Therefore, it is better to start preparing for NIS2 now," said Tomáš Kudělka, head of KPMG's technology team.

With the new cybersecurity law set to affect a number of industries and services, including power generation, healthcare delivery, electronic communications services and more, it is important for organisations to act early and prepare for the new requirements now, according to vshosting's commercial director David Lintimer.

"As this is one of our high priorities, we started working on it very intensively even before the implementation of the directive was announced. As a result, our clients are already well secured in vshosting," added Lintimer.

The alliance was formed to raise awareness of the severity of NIS2 and to help organisations adapt to it. Because of NIS2, the National Cyber and Information Security Bureau (NCIS) is finalising a new law on cyber security, which is due to come into force within the next year. The alliance brings together technical and legal experts and will also help procure grant support for the investments in strengthening cyber security that NIS2 will require.

Cisco's Cybersecurity Readiness Index survey of 27,000 professionals in 21 countries shows that 82 percent of companies expect to face cyber attacks in the next two years. However, only 15 percent consider the level of cybersecurity in their enterprises to be strong enough to deal with these threats.

Source: KPMG and CTK