Partners’ IT problems can quickly become your own. Depending on size or industry, NIS2 also requires companies to assess the cybersecurity of suppliers and service providers. This raises questions like:
- What do I pay attention to when selecting service providers?
- How do my contractors protect their own systems?
- How are risks insured?
While it was previously sufficient to concentrate on direct business partners, it is now important to examine the supply chains. In practice, this can mean that companies operating in risk areas have to contractually regulate how subcontractors report incidents, ward off threats and also provide insights into their own IT landscape.
What is particularly devastating is that very few people believe that they can fully control risks in their own supply chain. According to the “Global Supply Chain Risk Report 2025” from Willis Towers Watson (download against data), this only applies to eight percent of the around 1,000 companies from various industries surveyed worldwide.
NIS2 also provides the framework for keeping your business operational. It is important for company managers to put processes and their respective dependencies to the test. For example, business continuity management is just as necessary as a backup and disaster recovery strategy, which must also be tested and updated regularly. Because business continuity is not a static but a dynamic concept that must be adaptable depending on the situation.
In this context, questions arise such as:
- Which functions are critical for a company?
- How long can outages be tolerated without the threat of substantial damage?
- What measures can be taken to prevent something worse from happening?
Exchanging data with suppliers and keeping production facilities available – interconnected business models also need this kind of connectivity. Internet nodes can play a role in this. On the one hand, as a component of the digital infrastructure of a networked economy, and on the other hand, to connect multi-layered business relationships in a resilient way. An intelligent interconnection strategy is therefore an equally natural component of corporate public services.
