The cybersecurity landscape is changing rapidly. In 2024, over 60% of organizations in the EU experienced at least one serious cyberattack — often without adequate protection measures or a response plan. This is where NIS2 comes in.
The new European Network and Information Security Directive 2 (NIS2 Directive) sets stricter rules and obligations than the original NIS Directive adopted in 2016, with the aim of strengthening the resilience of critical infrastructure and protecting data.
The original NIS1 Directive was the first European Union legislation specifically dealing with cybersecurity. Its main objective was to strengthen the EU’s overall resilience to cyberattacks that could affect critical services such as energy, transport, health or digital infrastructure.
EU member states had until October 2024 to incorporate the NIS2 Directive into national law, while the NIS1 Directive was repealed.
This article covers:
- What does NIS2 require?
- Technology at the service of compliance
- Why NIS2 compliance is an opportunity
- Case study: Real-world scenario with a NUS Solutions client
- Next step: the NIS2 checklist to get started
What does NIS2 require?
The NIS2 directive focuses on risk management, strengthening defense and rapid incident response. Key obligations include:
- Risk analysis and management
- Security policies for information systems
- Implementation of MFA & strong access measures
- Monitoring and early detection of threats
- Business continuity & disaster recovery plans
- Incident reporting within 24 hours
- Supply chain risk management
- Training staff on cybersecurity
The penalties for non-compliance are severe: up to €10 million or 2% of turnover for “essential entities”, with personal liability for management.
Technology at the service of compliance
Compliance with the NIS2 directive is not just a matter of regulation, but a prerequisite for the security and continuity of an organization.
By leveraging modern cybersecurity technologies, businesses can create a robust protection framework that effectively prevents, detects and responds to threats.

Why NIS2 compliance is an opportunity
NIS2 aims to increase the resilience of critical infrastructure in Europe. However, its benefits extend far beyond legal compliance — they offer substantial value to any organization that strategically invests in its security.
1. Enhance trust and credibility
Organizations that comply with the NIS2 directive can demonstrate that they take security seriously. This enhances the trust of customers, partners and suppliers, which acts as a competitive advantage in the marketplace.
Especially in B2B environments, compliance can even be a criterion for selecting a supplier.
2. Incident prevention and cost reduction
Implementing mechanisms such as continuous monitoring, multi-factor authentication (MFA) and rapid incident response significantly reduces:
- The probability of a breach,
- The recovery time,
- And most importantly, the financial cost of downtime or data loss.
In other words, compliance translates into resource savings in the medium term.
3. Internal organization and clear roles
NIS2 requires organizations to define:
- information security responsibilities,
- incident reporting procedures,
- and business continuity plans.
This leads to better internal organization, less uncertainty, and clear accountability flows — which are often lacking in smaller businesses.
4. Opportunity for technological modernization
Compliance is a good reason to review the technological infrastructure: from upgrading firewalls and cloud policies, to moving to a Zero Trust architecture or using AI tools for threat detection. Thus, the NIS2 directive becomes a lever for digital transformation, not an obstacle.
5. Increase operational resilience
A business that is prepared to respond to a cyberattack or technical failure has greater overall resilience. NIS2 helps create a culture of prevention and continuous improvement, reducing reliance on individuals or ad-hoc solutions.
Case study: Real-world scenario with a NUS Solutions client
During NUS Solutions' cooperation with a logistics company, a challenge came up: the business needed to strengthen the security of its systems to prepare for the requirements of NIS2.
NUS Solutions designed a network divided into “zones” (network segmentation), so that each part of it operates independently, and connected the infrastructure to Microsoft Sentinel, a tool that constantly monitors activity and raises alerts on suspicious activity.
At some point, the system detected a ransomware attempt. The attack was immediately isolated to a small part of the network, without affecting the rest of the systems. Thus, the company’s operation did not stop for a minute, data remained secure and there was full documentation of the incident for compliance purposes.
This incident shows in practice what resilience means — the ability to deal with attacks without interrupting business continuity. And it is precisely this resilience that NIS2 seeks to ensure.
Next step: the NIS2 checklist to get started
1. Readiness assessment
The first step is to get a clear picture of the current situation. Each organization should record which infrastructure, applications and data are considered critical, examine what security measures are already in place and identify gaps.
2. Risk assessment
Next comes the analysis of the potential risks that threaten the organization, such as ransomware, phishing or human error. This process helps to assess the impact of each risk and establish priorities for action.
3. Roles and responsibilities definition
Compliance with NIS2 requires a clear definition of roles and processes. It is important to designate those responsible for information security and incident management, as well as actively involve management to ensure full oversight and accountability.
4. Technology tools adoption
At this stage, the company can begin to implement technology solutions that enhance security. Adopting tools for continuous monitoring and threat detection, strengthening user authentication with multi-factor authentication (MFA) and moving to a Zero Trust architecture contribute significantly to incident prevention.
5. Incident response processes
Having an organized incident response plan is critical. Companies should have clear processes in place for the timely detection, isolation and reporting of security incidents, as well as for documenting the actions taken.
6. Supplier and Third Party Assessment (Supply Chain Security)
Security does not stop at the organization’s borders. It is essential to check whether partners and service providers adhere to basic security standards in order to reduce the risk that may arise from external connections or partnerships.
7. Continuous training and improvement
Finally, NIS2 compliance is a process that requires continuous evolution. Employee cybersecurity training, regular policy reviews and incident simulation exercises help the organization remain ready and resilient to new threats.
Protect your organization with the help of NUS Solutions
Preparing for NIS2 requires strategy, expertise and practical application of cutting-edge technologies.
…