Companies are faced with the challenge of complying with NIS2, the new EU directive on networks and information systems that will come into force on 17 October. This is the regulation with which European legislators are trying to address one of the major challenges of today and the future: cybersecurity.
The regulation, designed to increase the resilience and incident response capabilities of public bodies and private companies and, therefore, of the entire common territory, introduces new requirements and demands the implementation of a series of measures for more than 100,000 European companies. “The need to adapt to its requirements is crucial not only to achieve greater cyber resilience, which is essential in the face of current cybersecurity risks, but because failure to comply will result in fines, which can reach up to 10 million euros or 2% of a company’s annual turnover,” explains David López, Cybersecurity Product Specialist at Ricoh Spain.
This is the penalty that can affect the so-called “essential entities” (highly critical sectors, such as energy, transport, health, etc.), while those classified as “important” (critical sectors such as postal services, waste management, chemicals, etc.) can face fines of up to 7 million or 1.4% of their income. Authorities may even impose temporary suspensions of service.
The path to strengthening the response capacity to threats
The NIS2 directive aims to strengthen incident response capabilities. As a specialist in managed services, Ricoh, through IPM, its infrastructure and cloud subsidiary, is helping its clients comply smoothly with the new criteria of the regulation, drawing on its specialization and technical solvency in the planning and execution phases of projects. “The initiative is critical and requires preparation to understand the requirements of the regulation, the current status of each company and the measures to be implemented. This is achieved during the analysis phase, which will be a good starting point to identify and evaluate the risks, and establish policies and procedures that allow improving the cybersecurity posture,” emphasizes David López.
The purpose of NIS2 is to strengthen incident response capabilities
Companies will have to improve in areas such as incident detection, management, response and notification processes, supply chain protection, information sharing and vulnerability disclosure, and cyber hygiene and training for employees and management bodies. “We are preparing our clients to identify risks and threats, implementing appropriate measures and solutions to detect and protect their assets, providing them with a team with tools and structure to respond to any attempted attack, and defining processes to restore systems in the event of an incident. To this end, the managed cybersecurity services we offer are key,” adds the IT security expert.
While Ricoh acknowledges that regulatory readiness is a new effort for IT and cybersecurity departments, it believes it lays a good foundation for meeting current and future challenges posed by today’s threats.