Your trusted partner for NIS2 compliance

We’ll give you clarity and certainty about what you need to do to be compliant, and we’ll help you get there.

CONTEXT: WHAT THIS IS

NIS2 Article 21 requires EU member states to ensure that essential and important entities manage cybersecurity risk with appropriate and proportionate technical, operational and organisational measures, backed by robust systems, policies and best practices.

The NIS2 Directive (Directive (EU) 2022/2555) is the European Union’s update to the original 2016 Network and Information Security (NIS) Directive and introduces additional cybersecurity compliance requirements. Because it is a directive rather than a regulation, each member state must transpose it into national law, and it is that national law that companies will be required to abide by.

NIS2 introduces more stringent cybersecurity and risk management requirements. Article 21 directs member states to ensure that essential and important entities manage risk by implementing robust systems, policies and best practices covering a wide range of cybersecurity measures and disciplines, including:

  • Risk analysis and information system security.

  • Incident handling and reporting.

  • Business continuity, such as backup management and disaster recovery.

  • Crisis management.

  • Supply chain security.

  • Security in the acquisition, development and maintenance of network and information systems, including vulnerability handling and disclosure.

  • Basic cyber hygiene practices and cybersecurity training.

  • Cryptography and encryption technologies.

  • Human resources security, access control policies and asset management.

  • Multi-factor or continuous authentication, the building blocks of Zero Trust access.

The penalties for not complying with NIS2 mean this needs to be a priority now if you’re in an applicable industry.

Essential entities: fines for non-compliance of up to €10m or 2% of total worldwide annual turnover, whichever is higher.

Important entities: fines for non-compliance of up to €7m or 1.4% of total worldwide annual turnover, whichever is higher.

See the definition of important and essential entities here.

 WHO NEEDS TO KNOW ABOUT THIS

Sectors affected by NIS2

NIS2 defines the sectors that are in scope for the directive, and more sectors are in scope now than under the original NIS Directive.

The directive places in-scope entities in two categories: essential entities and important entities. The category depends on the sector (Annex I or Annex II of the directive) and, in most cases, on the size of the entity. It determines both the supervisory regime (essential entities are subject to proactive supervision, important entities to supervision after the fact) and the potential repercussions for non-compliance. Our diagram shows which sectors are assigned to each category.

[Diagram: sectors classified as essential entities and as important entities]

OUR APPROACH: WHAT WE OFFER

Leaving nothing to chance. Your NIS2 compliance assured.

We use globally recognized information security frameworks like ISO27001 and NIST to prepare for NIS2, identify technology and process gaps, and scope out compliance efforts.

NIS2 measure                                               Corresponding ISO27001 Annex A control set
Incident handling and reporting                            A.16: Information security incident management
Business continuity                                        A.17: Information security aspects of business continuity management
Supply chain security                                      A.15: Supplier relationships
Systems acquisition, development and maintenance security  A.14: System acquisition, development and maintenance
Cryptography and encryption technologies                   A.10: Cryptography
Human resources security                                   A.7: Human resource security
Access control policies                                    A.9: Access control; A.5: Information security policies
Asset management                                           A.8: Asset management
Zero Trust security                                        A.9: Access control

The Annex A numbers above follow ISO/IEC 27001:2013. ISO/IEC 27001:2022 regroups Annex A into four themes (5 Organisational, 6 People, 7 Physical and 8 Technological controls), so if you certify against the 2022 edition, map each row to the corresponding 2022 control before using it as evidence.
PREPARE FOR NIS2: DEVERG 8 STEP PROCESS

Immediate steps to take to prepare for NIS2

Member states have until 17 October 2024 to transpose the NIS2 Directive into national law. There are concrete steps we can help you take today to prepare for NIS2 as member states flesh out their regulations.

1. Identify, assess and address your risks:

Essential and important entities must apply appropriate and proportionate measures to secure their networks, information systems and the physical environment those systems depend on, based on an assessment of the risks they face.

2. Evaluate your security posture:

A security assessment identifies weaknesses such as unmanaged or shared passwords and misconfigured accounts that are prone to credential theft.

3. Take steps to safeguard privileged access:

Adversaries exploit privileged accounts to move laterally and disrupt services. Limit administrative access to what each role needs, enforce multi-factor authentication on it, and vault and rotate privileged credentials rather than leaving them static.

4. Strengthen ransomware defenses:

Ransomware is a major EU concern and a key driver of the NIS2 Directive. Defend proactively with least privilege, application control and NGAV/EDR, and make sure backups are isolated from the production network and tested for restore.

5. Move to a Zero Trust architecture:

Perimeter-based security does not fit cloud and hybrid work. Adopt a Zero Trust architecture with layered defences such as least privilege, multi-factor and continuous authentication, and threat analytics.

6. Scrutinise your software supply chain:

Supply chain attacks are a key concern for EU regulators and a driver of the NIS2 Directive. Review your software supply chain (third-party components, build pipelines and supplier access) and consider secrets management so that credentials used by vendors and automation are not left exposed.

7. Formalise your incident response plan:

NIS2 mandates faster incident reporting: an early warning to the competent authority or CSIRT within 24 hours of becoming aware of a significant incident, an incident notification within 72 hours, and a final report within one month. Make sure your organisation is prepared by reviewing its notification, information gathering and reporting processes against those deadlines.

8. Educate your people:

Basic cyber hygiene and cybersecurity training are explicit NIS2 measures; enhance your efforts to raise cyber awareness and build a security-first culture.

ENSURE COMPLIANCE

Deverg services for ongoing NIS2 compliance


NIS2 HEALTHCHECK


INCIDENT MANAGEMENT


BUSINESS CONTINUITY AND DISASTER RECOVERY

ASSESS YOUR READINESS FOR NIS2

Take our free NIS2 readiness assessment to help you plan your strategy and approach for compliance

BENEFITS OF PARTNERING WITH US FOR NIS2 COMPLIANCE

Our execution-focused approach keeps you safe

Safety with our NIS2 approach
  • We cut through ambiguity to give you clarity and certainty that you’re doing the right things to be compliant with the directive.

  • Minimise the risk of non-compliance and sanctions.

  • Our 8 step process (listed above under PREPARE FOR NIS2) covers all bases of preparing for and implementing the changes that will ensure your compliance.

  • Our proactive approach will assure you of compliance when you need it, not after it’s too late.

  • We focus on execution and work with you to take direct action on your compliance.

KNOWLEDGE

NIS2 resources


BRIEFING PAPER

A Deverg guide to becoming compliant with the NIS2 directive


E-BOOK

Deverg’s e-book on what you need to know about NIS2 compliance


NIS2 READINESS ASSESSMENT

Free NIS2 readiness assessment with personalised report straight to your inbox

SUCCESS STORIES

Clients that trust us


CYBER SECURITY CASE STUDY

Simplifying NIS2 Compliance for a Pharmaceutical Company


CYBER SECURITY CASE STUDY

A cancer research organisation affected by ransomware

CYBER SECURITY CASE STUDY

Cyber security compliance for a global oil, gas and renewables company

FIND OUT MORE

Contact us