- 11.10.24
- Reading time: 2 minutes
What is the best way for companies to implement cyber security requirements?
Increasing networking and digitalisation bring not only numerous benefits but also considerable risks. Cyber attacks and IT security incidents can have a serious impact on companies and society. To counteract this, the EU’s NIS 2 Directive places increased demands on companies’ cyber security. The directive obliges a large number of companies in various sectors to take comprehensive security measures.
Germany has already taken measures to transpose the NIS 2 Directive into national law. The Federal Republic of Germany pursues a comprehensive approach that includes legal as well as technical and organisational measures. (You can read more about this in the article "NIS 2 Directive: Implementation and current status in Germany".)
Who is obligated?
The NIS 2 Directive applies to companies and organisations operating in certain critical sectors. The 18 sectors affected include, among others:
What are the requirements?
The NIS 2 Directive places a number of technical, operational and organisational requirements on the companies concerned, including
What do companies need to look out for?
Various areas of the company are involved in the implementation of the NIS 2 Directive (IT, Compliance, Data Protection, HR, QM, etc.). Holistic risk management involving all stakeholders is therefore essential for companies.
Companies should pay particular attention to the following points: