Time is Ticking: Onboard Management and the Board Now for NIS2 Compliance
Philippe Cornette
Chief Troubleshooter Officer, Risk Management, Cybersecurity, IT Strategy, Owner & Board member, Interim CIO & CISO - Open to Board/Advisory Board Contribution
Introduction
Time is running out to prepare for the NIS2 Directive, which will apply from October 18, 2024. If your company's management and board have yet to be onboarded, it is urgent to do so now, as they have significant new responsibilities under NIS2.
The directive assigns the management bodies and board crucial roles in ensuring compliance with the cybersecurity risk management and reporting obligations.
They must approve and oversee the implementation of the required cybersecurity measures. In some cases, management may even face personal liability, including fines and temporary discharge, for the company's failure to comply.
Management Responsibilities
Approve Cybersecurity Risk Management Measures
Management must approve the cybersecurity risk management measures that entities must implement under NIS2. This includes measures related to incident handling, business continuity, supply chain security, encryption, and more.
Oversee Implementation
Management must oversee the implementation of the approved cybersecurity risk management measures. They must ensure the measures are effectively implemented.
Liability for Non-Compliance
Management bodies can be held personally liable for the entity's failure to adopt and comply with the required cybersecurity measures. In some cases, they may face penalties like fines or temporary discharge from managerial roles for breaching their NIS2 compliance duties.
Undergo Training
NIS2 requires management to regularly attend training on cybersecurity risk management to gain sufficient knowledge and skills to perform their responsibilities.
Board Responsibilities
Endorse Cybersecurity Measures
The board of directors must endorse and approve the cybersecurity risk management measures taken by the organization to comply with NIS2.
Supervise Implementation
The board is responsible for supervising the implementation of the cybersecurity risk management measures.
Potential Personal Liability
For essential entities, board members may assume personal liability for violating the NIS2 cybersecurity rules, which could expose them to potential penalties.
Acquire Knowledge via Training
Board members must follow training to gain adequate knowledge and skills to identify risks, assess cybersecurity practices, and understand their impact on the organization's services.
In summary, NIS2 assigns significant responsibility to company management and the board to drive, oversee, and be accountable for the organization's cybersecurity measures and compliance with the directive's requirements. Early preparation, risk assessments, implementing required measures, and continuous training will be key for management and boards to fulfill their NIS2 obligations.
#NIS2 #CCB #agoria #cybersecurity #essential #important #riskmanagement
Partner Programs: Portfolio Optimization, Sales Readiness, Business Outcomes & Customer Experience globally for the biggest IT companies & their channels. Founder|CEO
Ask your IT Service Provider to help you with this. The good ones will be able to support you technically as well as with all the other NIS2 requirements (people, process, legal ...) and have that CEO discussion. Absolutely right Philippe. This is a CEO conversation about business health.
Tackle the issues and make sure they get sorted out, even uphill and with some headwind.
Actually, the question for the board of directors (RvB) and top management is very simple: how can you be sure that your information assets (and therefore part of the value of your organization) are properly and integrally protected? An answer such as "we have MFA, antivirus, firewalls, and we do an annual pentest and a phishing campaign" is not sufficient.