Return to overview
3 min read

NIS2: How the New EU Cyber Law Protects Your Business

3 min Read
May 30, 2024
By: Marcel van Asperdt
By: Marcel van Asperdt
30 May 2024

Cyber attacks are now big business – but they’re impacting smaller companies. Last year, nearly half of European SMEs experienced at least one attack. All it takes is outdated software, or one unsuspecting click on a phishing email, to find your business in the grip of bad actors. 

The consequences can be devastating; many businesses never fully recover. And the collective impact goes beyond any one business, putting the entire economy at risk.

That’s why the EU is pushing businesses to boost their cyber resilience now. 

Not acting on NIS2 isn’t an option anymore

Cyber attacks are not only more rampant, they’re more sophisticated, too. Thanks to AI, phishing emails are highly convincing, and business email compromise is surging – making it easy for even informed employees to inadvertently give away key data. We’re at a crucial point of vulnerability, in the midst of an arms race between cyber crime and cyber resilience.

And that’s how we need to see it. As a collective threat – to be kept at bay through collective effort. 

The EU Cybersecurity Strategy, unveiled in 2020, is a comprehensive initiative aimed at safeguarding a secure online environment globally. The regulations that have resulted mark a fundamental change in the way we approach cybersecurity.

As the focus shifts to sector-wide resilience, cybersecurity has moved from optional to essential. Instead of being something a business might do someday, it’s something every business must address – right now.

Determine your NIS2 compliance

Determining you fall under the Cybersecurity Act depends on the sector in which you operate and the company size, with some exceptions to these primary rules.

Critical sectors are at the forefront of the NIS2 directive, extending beyond those covered by the initial NIS directive (Wbni) to include several new ones. This expansion means more public and private entities are now under its umbrella.

Organizations impacted by the NIS2 directive, and consequently the Cybersecurity Act, belong to these crucial sectors.

Images NIS2 Resource Hub (7)-png

The size of a company or organization is determined by two categories, each defined by specific criteria:


Images NIS2 Resource Hub (6)-png

NIS2: Making the EU safer for everyone, including you

Why the urgency? (It’s not just to make life difficult.) 

Cyber attacks extend beyond the economy. They pose a threat to the fundamental democratic principles of the EU. At their worst, they can even disrupt the essential functioning of society. 

Whatever your industry – whether it’s manufacturing car parts, or managing food transportation – your business plays a role in that society. 

It’s important to steer clear of the heavy fines and personal liability of NIS2. But it’s equally important to safeguard your employee and customer data and protect your systems for the safety of our interconnected economy. 

It’s important to report attacks responsibly – one of the key NIS2 requirements – in order to spread awareness of emerging threats, and share prevention strategies. And to have the right measures in place to prevent them from moving down your supply chain, exposing others to risk.

You’re not just complying, you’re becoming part of a new culture of openness and collaboration that gives every business better defence – including yours.

Something to think about as you navigate the journey.

10 steps to strengthen your cyber security and get ahead of NIS2

There are some common sense steps you could take to strengthen your position in the meantime:

  1. Assess risk and establish proactive security policies that address any weaknesses.
  2. Provide cybersecurity training to employees, C-suite management and board.
  3. Have a plan for continuity backups, disaster recovery, and crisis response - and review regularly.
  4. Use multi-factor or continuous authentication.
  5. Perform regular audits and penetration testing to find vulnerabilities.
  6. Implement policies for encryption and cryptography.
  7. Develop and implement an incident handling plan.
  8. Have robust human resources security including onboarding / offboarding of assets and access.
  9. Perform supply chain risk assessments and incorporate security requirements in contracts with suppliers.
  10. Prioritise 24/7 security coverage with solutions such as Eye Security’s Managed XDR.

In our increasingly connected, data-heavy world, every business should be taking these measures anyway – it’s vital to your continuity and reputation. 

Go beyond NIS2 and secure your business with Eye Security

As a leading cybersecurity solutions provider for EU businesses, we’re here for that journey – and we’ll help you find the fastest route. Access our NIS2 resource hub to learn more.

Ready to lower your cyber risk? Check out our comprehensive cyber protection package designed for non-enterprise businesses. Or get in touch and we’ll tell you how we can help.

Let's talk

Curious to know how we can help?

Get in touch
Share this article.