Adopted in January 2023, the NIS2 directive (Network and Information Security Directive) marks a significant step in the fight against cyber threats within the European Union. Its main objective: to strengthen the resilience of businesses and critical infrastructures in the face of increasingly sophisticated attacks. Through this directive, Europe has a harmonized framework to ensure a high level of cybersecurity, while responding to the new challenges linked to digital transformation.
This directive, which replaces NIS1, introduces expanded requirements and imposes increased responsibilities on a larger number of actors. At a time when 68% of European companies* report having been victims of at least one major cyberattack in 2023, it is becoming imperative for organizations to adapt to these new rules. Here we decipher the main axes of this directive and highlight the innovative U-Cyber 360° solution which helps companies meet these challenges.
*Based on Netwrix’s 2023 Global Annual Hybrid Security Trends Report.
An extended scope of application for reinforced coverage.
Under the NIS1 directive, only certain critical infrastructures such as energy, transport and health were affected by cybersecurity obligations. NIS2 significantly expands this scope. Now new sectors are included, such as digital service providers, cloud companies, domain name registration service providers, and even some public administrations.
According to a study carried out in 2023, this enlargement potentially concerns more than 160,000 organizations in Europe, almost three times more than under NIS1. The idea behind this measure is to guarantee collective resilience: cyberattacks affect not only large organizations, but also small structures, often less well protected and used as entry points to reach more strategic targets.
Reinforced requirements: a response to increased threats.
With NIS2, businesses must now adopt a proactive cybersecurity posture. Among the new obligations are:
- The establishment of structured governance: designation of a manager in charge of information systems security (CISO) and clear definition of roles in the organization.
- Comprehensive risk management: identification and regular assessment of risks, integration of suppliers into the cybersecurity strategy, and adoption of appropriate measures to protect critical systems.
- Mandatory incident notification: any incident with a significant impact must be reported within 24 hours to the competent authorities, with a detailed report within 72 hours.
- Business continuity: adoption of incident response and disaster recovery plans, tested regularly to ensure their effectiveness.
These obligations aim to reduce the economic impact of cyberattacks, estimated at more than 5.5 billion euros in Europe in 2023. However, they also involve substantial investments in human, technological and organizational resources.
Dissuasive financial penalties to encourage compliance.
NIS2 introduces a particularly strict sanction mechanism to guarantee the application of measures. Non-compliant businesses face:
- Fines of up to 10 million euros or 2% of global annual revenue, whichever is greater.
- Regular audits and conformity assessments by competent national authorities.
- Increased reputational impact: publicly reported cybersecurity incidents can lead to a loss of trust from customers and partners.
These sanctions aim to encourage organizations to integrate cybersecurity as a strategic priority, and not just as an operational cost.
A complete solution to meet NIS2 requirements.
To support companies in their compliance with NIS2 and strengthen their security against cyber threats, Mailinblack offers the cybersecurity solution U-Cyber 360°, a platform designed to cover all aspects of human cybersecurity. This suite brings together complementary tools which align perfectly with the requirements of the directive.
The pillars of the U-Cyber 360° solution:
1. Protect:
- Detects and blocks threats in real time using artificial intelligence.
- Identifies malicious emails (phishing, ransomware, spear phishing).
- Reduces the risk of email intrusions by 97%.
2. Cyber Coach:
- Simulates cyberattacks to train employees to respond effectively.
- Provides an average reduction in clicks on malicious links of 70% after 6 months of use.
3. Cyber Academy:
- Offers interactive training modules adapted to the needs of each user.
- Increases employees’ ability to identify threats by 85% in just three months.
4. Sikker:
- Simplifies and secures the management of professional and personal passwords.
- Helps reduce incidents of compromised passwords by 50%.
5. Cockpit:
- Provides a centralized dashboard to assess human and technology risk.
- Generates a personalized CyberScore to track cybersecurity performance.
A concrete response to business needs.
With U-Cyber 360°, businesses have a turnkey solution to meet the new NIS2 requirements. By offering an integrated and scalable approach, this solution makes it possible to:
- Build global resilience against cyber threats.
- Improve employee awareness, the first line of defense against attacks.
- Ensure simplified compliance with appropriate monitoring and reporting tools.