NIS-2 is coming - prepare for it now
NIS-2 - medium-sized companies also affected
On 18 October 2024, the NIS-2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG) is to come into force as a national implementation law for the EU NIS-2 Directive. This will greatly expand the group of affected companies and go far beyond the existing KRITIS organisations. In particular, many medium-sized companies will also fall within the scope of NIS-2. But what is the best way to start and what measures should be initiated promptly?
Scope of application
The first step is to check whether you fall within the scope of NIS-2. At the moment, around 30,000 companies in Germany are expected to be affected, although this figure could rise, as the supply chains explicitly mentioned in risk management must also be taken into account. As the criteria often raise questions, we have developed a decision generator with which we can support you in analysing the extent to which you are affected. If your company falls within the scope of application, you should identify affected processes and organise a project group with those responsible.
Risk management measures in the area of cyber security
According to the NIS-2 Directive, ‘particularly important institutions and important institutions must take appropriate, proportionate and effective technical and organisational measures to prevent disruptions to the availability, integrity, authenticity and confidentiality of information technology systems, components and processes’. The required measures range from concepts for risk analyses and crisis management to specific requirements such as the implementation of multi-factor authentication. In some cases, you may have already implemented these measures as part of other requirements. In summary, the NIS-2 Directive can only be implemented with an effective information security management system (ISMS). If you already have an ISMS in place or are even ISO 27001-certified, you can build on this. As part of our online seminar, we will give you an overview of the measures that you may have already implemented elsewhere and of those that remain open even with an ISMS, and show you possible solutions.
How can we support you?
In online seminars and blog posts, we inform you about the latest developments regarding the National Implementation Act (NIS2UmsuCG). We are happy to carry out an impact analysis in cooperation with our legal experts. If you are affected, we recommend carrying out a joint gap analysis to work out where you currently stand and what you lack in order to fulfil the requirements. We also offer holistic implementation consulting and, of course, modular support for implementation. This can include ISMS consulting or support for the introduction of business continuity management, as well as penetration tests or the activation of a Security Operations Centre (SOC). Please do not hesitate to contact us.