In 2023, Europe experienced an average of 1,557 weekly cyberattacks per company, an increase of 86% compared to the previous year. As the digitalization and digital transformation of companies advances, their IT and OT infrastructures are increasingly integrated, which considerably widens the field in which cybercriminals can act. In addition, attackers are carrying out ever more sophisticated attacks, integrating AI tools, so the risks keep growing. For that reason, the EU has launched NIS2, which seeks to prioritize cybersecurity.
The NIS2 Directive is primarily aimed at organizations essential to the supply chain of critical infrastructure products. In our daily work at Grupo Aire we often encounter companies of all types that, after reading the regulations, still have doubts about how they have to apply them. The message we try to convey to them is that they have to be aware that they must improve the governance of their cybersecurity as well as their risk management measures, and prepare for the new obligations that come with this regulation, which include the presentation of reports.
We also convey to them that they must use internationally recognized frameworks, such as the ISA/IEC 62443 series for OT security, to meet the necessary compliance requirements.
Fines and criminal liability
The NIS2 Directive represents a great leap in obligations compared to the initial NIS Directive. The EU will now impose:
- Financial sanctions: similar to those provided for in the GDPR legislation, on organizations that do not comply within the established deadline.
  - Essential entities: €10M or 2% of total global annual turnover
  - Major entities: €7M or 1.4% of total global annual turnover
- Administrative fines: competent authorities may impose administrative fines for non-compliance with specific obligations under the directive.
- Corrective measures: they may require entities to implement specific corrective measures to address the identified non-compliance.
- Liability for damages: entities that fail to comply with their obligations under NIS2 may also be liable for damages caused.
Additionally, there will be repercussions for C-level executives in organizations that do not comply with the NIS2 Directive, including potential restrictions on the positions they hold within executive boards.
More information is available in Grupo Aire's best practices guide for applying NIS2.
Signed:
Nelson Nogueira
Business Unit Manager – Strategic Outsourcing at Grupo Aire