According to the security specialists at ESET, it is becoming evident that with the rapid transformation of the world into a digital ecosystem, cyber threats are becoming more and more complex.
The new European legislation, NIS2 directivemarks a crucial moment for cyber security, aiming to reduce Europe’s vulnerabilities to digital attacks. Adopted at the end of 2024, NIS2 expands the scope of its predecessor, the 2016 NIS Directive, and brings new rules that companies must comply with to avoid sanctions and protect their operations. To learn more about how to prepare, download the complete guide from ESET for free.
What’s new in NIS2?
The directive now addresses a wider range of entities, including providers of public electronic communications networks and services, companies specializing in waste and wastewater management, manufacturers of critical products such as medical devices, pharmaceuticals and chemicals, along with postal services and by courier.
In addition to expanding the scope, NIS2 introduces strict requirements for rapid incident response, supply chain security, use of encryption, conducting security audits, risk analysis, vulnerability management and crisis planning.
Another key element is creation European Cyber Crises Liaison Organization Network (EU-CyCLONE)which facilitates cooperation between national authorities and strengthens the EU’s collective response to cyber threats.
NIS2: What does the new European directive mean for SMEs?
With the evolution of digital threats, the European Union is taking a decisive step to improve the resilience of networks and IT systems to cyber security risks by introducing the NIS2 Directive. This is a major update to existing regulations, expanding the scope and imposing stricter requirements. Even if you are a small or medium-sized enterprise (SME), there are criteria that may place you under the new directive and it is therefore essential that you understand the impact of these new rules.
NIS2 extends compliance obligations to new categories of entities such as electronic communications providers, waste and wastewater management companies, manufacturers of critical products and postal services. In addition to technical requirements such as incident response, supply chain security and encryption, potential targeted SMEs must implement rigorous risk analysis and crisis plans. This directive targets not only EU companies, but also non-EU companies serving the European market.
How does it affect SMEs?
Starting from the end of 2024, member states will have to identify the companies concerned, and they will have the obligation to comply with the new rules.
In reality, SMEs are most exposed to cyber-attacks targeting their supply chains, a situation that is of course amplified by their limited security resources.
Such attacks can create a domino effect, affecting the entities to which they provide services. In this context, Member States should include in their national cyber security strategies concrete measures to support SMEs in managing these challenges.
Among the recommended initiatives is the establishment of a dedicated contact point, at national or regional level, to provide guidance, direct assistance or direct them to competent organizations for specific support in the field of cyber security.
For SMEs, this can mean investments in cyber security, regular audits and closer collaborations with regulators. Violations can attract severe penalties, but early preparation provides the opportunity to turn requirements into competitive advantages.
Understanding and implementing NIS2 requirements is essential to avoid financial and reputational risks.
To learn more about how to prepare, download for free the complete guide provided by ESET. Prioritize prevention to stay safe in the face of increasingly sophisticated cyber threats.
ESET offers state-of-the-art digital security so you can prevent attacks before they happen. By combining human expertise and the power of Artificial Intelligence, ESET stays one step ahead of known and emerging cyber threats – securing businesses, critical infrastructure and individuals. Whether it’s endpoint, cloud or mobile protection, its AI-powered cloud-first solutions and services are highly efficient and easy to use. In addition to real-time, 24/7 defense, accompanied by strong local support (including in Romania), ESET also engages in research at the highest level, deepening information about the latest threats, through its own research centers and development (one located in Iasi, Romania) and the strong global network of partners.
