1 Executive Summary
The EU NIS Directive (EU 2016/1148), which was aimed at achieving a common standard of network and information security across all EU Member States, is scheduled for an update. The objective of this update is to improve cyber resilience, and it extends the range of organizations included within its scope. Organizations need to check whether they will be included and what changes are coming so that they can plan to comply with their new obligations. This report provides an overview of the technical requirements from the updated directive and recommendations for the actions that organizations should take to prepare.
Since the NIS Directive was adopted in 2016, everyday life has become more dependent on network-delivered digital systems. This digital transformation has expanded the cybersecurity attack surface and hence increased the potential impact of cyber threats. The updated NIS2 Directive responds to these challenges by building on and widening the scope of the existing NIS Directive. The intent is to increase the cyber resilience of the EU and EU organizations through a variety of means, including improving the cyber hygiene of organizations operating within the EU.
KuppingerCole recommends that organizations adopt the concept of a security fabric to support a consistent approach to cyber security and to compliance with the multiple laws and regulations that apply across the various delivery models (on premises, managed services, and cloud).