
ISF Podcast
S23 Ep2: NIS2: Decoding EU's cyber security game plan
Podcast summary created with Snipd AI
Quick takeaways
- NIS2 imposes stricter cybersecurity obligations on critical infrastructure sectors in the EU, with fines for non-compliance reaching up to 10 million euros or a percentage of annual turnover.
- NIS2 emphasizes the importance of core cybersecurity measures, including training, incident reporting, risk analysis, and encryption, for covered organizations to strengthen their security requirements.
Deep dives
Overview of NIS2 Legislation
NIS2 is a piece of European legislation that imposes stricter cybersecurity obligations on entities operating in critical infrastructure sectors. It complements and extends the Network and Information Security (NIS) directive introduced in 2016, expanding the coverage to more companies. It applies to organizations providing essential services, such as internet providers, energy suppliers, banking institutions, healthcare institutions, and food and household item factories. However, there are exceptions based on size, with small companies below certain thresholds being exempt. Non-compliance with NIS2 can result in fines of up to 10 million euros or a percentage of the company's annual global turnover. Individuals with relevant cybersecurity authority or management roles may also be held personally responsible for non-compliance.