The new law will affect a much larger number of companies and institutions than before. It is no longer enough to simply have antivirus software and assume that this form of protection is sufficient. Going forward, organizations will need to address risk management, conduct regular audits, provide employee training, and implement many other measures to help keep their data and operations secure.
Who is now subject to regulation?
- Medium-sized and large companies in the energy, transportation, healthcare, and banking sectors, as well as, more recently, in research, manufacturing, and digital services
- Municipalities with more than 10,000 residents
- Critical infrastructure suppliers
What will need to be implemented?
- Appointment of a cybersecurity manager. Every organization will need to designate a person responsible for cybersecurity. This role is not merely a formality; it involves actual management and coordination of activities.
- Another requirement introduced by the law is regular audits and penetration tests—that is, tests that simulate real-world hacker attacks. The goal is to determine how well your company is prepared and to identify vulnerabilities before someone else does.
- Great emphasis is also placed on employee training. Why? Because people are often the weakest link in the entire security chain. The law therefore assumes that people will know how to recognize phishing, vishing, and other fraudulent techniques.
- Another new requirement is the need to ensure security among your suppliers as well. It’s not enough to have your own systems secured—you’ll also need to keep track of how well those you work with are doing.
- And what if a security incident does occur? In that case, you need to act as quickly as possible—the law requires you to report it within 24 hours of becoming aware of it.
How can you tell if this applies to you?
It’s not always easy to determine whether your company falls under the new law. Size, revenue, industry, and societal impact—all of these factors play a role. And even if you aren’t directly subject to the regulation, cyber threats can still affect you.
We’ll help you get ready
We specialize in cybersecurity and can help you determine whether the new cybersecurity law applies to you. If so, we will propose specific steps to help you comply with the NIS2 Directive:
- We will set up processes and recommend a suitable cybersecurity manager.
- We will conduct an initial audit.
- We will provide training and, if necessary, penetration tests.
Don’t underestimate the new cybersecurity law—it’s about more than just compliance. It’s about trust, reputation, and the future of your business. We’re here to have your back.
Get in touch with us so you can start preparing in time.