Blog

Don’t panic about NIS 2

Our overview will help you avoid breaking out in a sweat and prepare your company now
11. September 2024
Picture of Dirk Kleinert
Dirk Kleinert
Picture of Sammy Richter
Sammy Richter

The clock is ticking, and NIS 2 is getting closer. What do you need to do? Or is no action necessary in your case? In any case, one thing is certain: Anyone who simply ignores NIS 2 may face severe penalties. With our quick overview, you’ll know in just three minutes what you need to do now to prepare:

1. NIS 2 affects more companies than before

The EU Directive on Network and Information Security 2 (NIS 2) is an extension of NIS 1. But take note: It affects more companies than before! This is because criteria such as company size, number of employees, and revenue have been adjusted. Service providers and suppliers of critical infrastructure companies can also be affected. So be sure to check whether your company is required to register! You can determine this German Federal Office for Information Security (BSI).

2. NIS 2 is not just a task for the IT department

NIS 2 concerns the general security of networks and information – and is therefore not just the responsibility of your IT department. Physical and personal security must also be taken into account. An information security management system (ISMS) is used for this purpose.

3. The countdown has already started

In Germany, a law on NIS 2 is planned to take effect in the fall of 2024 – in just a few months. This marks the start of the transition phase, during which affected companies must actively register. The expected deadline for registration is July 2026. You should know that setting up an ISMS takes about a year. So start now, since there is still time to prepare yourself well for all of the requirements!

4. Just ignore it? Think again!

Ignoring the new requirements and claiming ignorance won’t work with NIS 2, because that approach can quickly become very expensive. If a company fails to comply with its reporting obligations, it may face heavy fines of up to 2% of its annual global revenue or EUR 10 million, whichever is higher. Companies must therefore get active and register by July 2026 if they are affected by NIS 2. The reporting chain must be clear, i.e., who reports security incidents and to whom, and within what period of time.

5. What you can do now

To be optimally prepared, you should carry out a gap analysis with regard to NIS 2 by consulting with an IT company specializing in security. This will allow you to set up an up-to-date ISMS for your company o ensure that you meet the requirements of the new directive. In order to perform the analysis quickly and effectively, you can clarify a few things in advance: 

  • Are your systems up to date? Are there any old systems anywhere in the company that no longer receive update support?
  • Have all of the updates been implemented? Can pending updates be carried out in a structured manner without causing conflicts with normal operations?
  • What provisions govern risk and emergency management at your company? Who is responsible for what – including on weekends, holidays, etc.? Who speaks with whom? Is there a plan B if an attack is successful?
  • Have processes already been documented? If so: Which ones and in what areas?
  • Which suppliers and service providers work with your company? Which work and infrastructure areas do they have access to?
  • Where is sensitive data physically stored or digitally saved? How have you protected these data so far?
  • What access rights policies have already been adopted by the company? How is compliance with them ensured?

Of course, an ISMS cannot be set up overnight. However, you can use a gap analysis to set the right priorities. With regard to NIS 2, the reporting chain to be followed in the event of security incidents is particularly important.

So NIS 2 is no reason to panic. If you take an active approach to the whole thing, you will benefit in the long term, also in terms of audits and certifications. With a clear view of the processes in your company, you can invest in the right things and set up better time frames for introducing new technologies. Our security experts will be happy to help you get ready for NIS 2. Simply contact us.

Case Stories

Case studies

New visionary data platform PFA

Skaylink supports Ensinger in increasing its level of security – one important part of this is the Cyber Security Center.
Read more
Blog

Don’t panic about NIS 2

Our overview will help you avoid breaking out in a sweat and prepare your company now
Read more
Case studies

Increased level of security for Ensinger

Skaylink supports Ensinger in increasing its level of security – one important part of this is the Cyber Security Center
Read more
Blog

Manage memory with M365 tools

Would you like to optimize your memory in SharePoint Online? We’ll show you how to avoid unnecessary memory use.
Read more
Case studies

Skaylink uses AI to analyze large quantities of data for IMWF

Skaylink combines rule- and AI-based methods for rapid analysis of large quantities of data for IMWF.
Read more
Blog

Trivy: Secure Docker Containers in CI/CD Pipelines

Improve Docker container security in CI/CD pipelines using the Trivy vulnerabiity scanner.
Read more
Blog

Legacy applications: Turning old into new

Skaylink brings legacy applications to life by integrating modern components, new APIs, and a modern UI to improve efficiency and user experience.
Read more
Blog

“You’ve been hacked” – and now what?

Compromise recovery – the fastest and most effective way to gain control of your own infrastructure after attacks
Read more
Webinars

Copilot Studio Deep Dive

Join our expert Idlir Islamaj as he takes you on a journey into the world of Copilot Studio.
Read more
Case studies

SimCorp creates innovative and user-centric software with the InvestApp

SimCorp’s InvestApp revolutionizes financial analysis with modern tech and Axioma’s advanced tools. This cloud solution delivers intuitive, real-time insights, transforming portfolio management.
Read more
Blog

InfoPath is dead… and now?

Support for InfoPath Forms Services in SharePoint Online will be retired in 2026 – read in the blog which option you have
Read more
Blog

Leveraging cloud AI: Your guide to smoother deployments with AI-SPRINT

Use AI efficiently in the cloud: AI-SPRINT makes the process of providing AI workloads safer, faster and easier.
Read more

Unlock your cloud potential with our experts

Your cloud journey starts here.

Contact

Skaylink are Europe’s top digital transformation and cloud specialists. By applying our wide-ranging cloud expertise, proven frameworks, established best practices, innovative methodologies and a suite of software-based tools, we deliver fast, secure, and compliant digital transformation for clients across every sector and jurisdiction. 

Where do you want to go on your cloud journey? Take Skaylink with you.

Solutions
Cloud technologies
About Skaylink
Follow
Contact

Skaylink
Zielstattstr. 42
81379 Munich
Germany

+49 89 538863-0
sales@skaylink.com

© 2024 Skaylink. All Rights Reserved.