-
Featured services
Think beyond the robots
The successful integration of AI and IoT in manufacturing will depend on effective change management, upskilling and rethinking business models.
Read the blog -
Services
Nutzen Sie unsere Fähigkeiten, um die Transformation Ihres Unternehmens zu beschleunigen.
-
Services
Network-Services
Beliebte Produkte
-
Private 5G
Unser Cloud-nativer Secure-by-Design-Ansatz gewährleistet eine 24/7-Überwachung durch unsere Global Operations Centers, die Ihre Netzwerke und Geräte auf einer „As-a-Service“-Basis verwalten.
-
Verwaltete Campus-Netzwerke
Unsere Managed Campus Networks Services transformieren Campusnetzwerke, Unternehmensnetzwerke sowie miteinander verbundene lokale Netzwerke und vernetzen intelligente Orte und Branchen.
-
-
Services
Cloud
Beliebte Produkte
-
Services
Consulting
-
Edge as a Service
-
Services
Data und Artificial Intelligence
-
-
Services
Data Center Services
-
Services
Digital Collaboration und CX
-
Services
Application Services
-
Services
Sustainability Services
-
Services
Digital Workplace
-
Services
Business Process Services
IDC MarketScape: Anbieterbewertung für Rechenzentrumsservices weltweit 2023
Wir glauben, dass Marktführer zu sein eine weitere Bestätigung unseres umfassenden Angebotes im Bereich Rechenzentren ist.
Holen Sie sich den IDC MarketScape -
-
Erkenntnisse
Erfahren Sie, wie die Technologie Unternehmen, die Industrie und die Gesellschaft prägt.
-
Erkenntnisse
Ausgewählte Einblicke
-
Die Zukunft des Networking
-
Using the cloud to cut costs needs the right approach
When organizations focus on transformation, a move to the cloud can deliver cost savings – but they often need expert advice to help them along their journey
-
So funktioniert Zero-Trust-Sicherheit für Ihr Unternehmen
Sorgen Sie dafür, dass Zero-Trust-Sicherheit für Ihr Unternehmen in hybriden Arbeitsumgebungen funktioniert.
-
-
Erkenntnisse
Copilot für Microsoft 365
Jeder kann mit einem leistungsstarken KI-Tool für die tägliche Arbeit intelligenter arbeiten.
Copilot noch heute entdecken -
-
Lösungen
Wir helfen Ihnen dabei, den Anforderungen an kontinuierliche Innovation und Transformation gerecht zu werden
Global Employee Experience Trends Report
Excel in EX mit Forschung basierend auf Interviews mit über 1.400 Entscheidungsträger:innen auf der ganzen Welt.
Besorgen Sie sich den EX-Report -
Erfahren Sie, wie wir Ihre Geschäftstransformation beschleunigen können
-
Über uns
Neueste Kundenberichte
-
Liantis
Im Laufe der Zeit hatte Liantis, ein etabliertes HR-Unternehmen in Belgien, Dateninseln und isolierte Lösungen als Teil seines Legacysystems aufgebaut.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
-
NTT DATA und HEINEKEN
HEINEKEN revolutioniert die Mitarbeitererfahrung und die Zusammenarbeit mit einem hybriden Arbeitsplatzmodell.
Lesen Sie die Geschichte von HEINEKEN -
- Karriere
Topics in this article
Cybersecurity isn’t limited to organizations’ own efforts to protect their data and applications. There are also broader regulatory requirements to consider, and these vary by country and region.
In Europe, one such requirement is the Network and Information Systems Directive 2 (NIS2). It’s an updated version of an existing directive, adopted in 2019, which aims to strengthen cybersecurity in the European Union by helping organizations protect themselves against cyberthreats.
NIS2 was officially published in January this year, and EU member states now have until 17 October 2024 to integrate its provisions into their local legislation.
But what exactly is NIS2, and which organizations are affected by it? In this blog, we’ll delve into the key aspects of the directive and explore how we can help you remain compliant.
The scope of compliance has expanded with NIS2
NIS2 is designed to enhance the cybersecurity posture of critical infrastructure and essential service providers by ensuring the security of their network and information systems.
Until now, the directive focused on seven sectors seen as essential: healthcare, transportation, energy, water supply, digital service providers, financial services and digital infrastructure.
Under NIS2, the scope of organizations that have to comply has expanded: NIS2 contains uniform rules for medium-sized and large organizations operating in “very critical” sectors (including energy, transportation, banking, drinking water and government) and “critical” sectors, such as postal and courier services, waste management, chemicals, food and manufacturing. Note that “direct suppliers” of affected sectors should prepare too.
Organizations categorized as “essential” or “important”
The size of your organization (in terms of number of employees and annual turnover) and the industry or sector in which you operate will determine your designation.
Some organizations will be deemed “essential”, regardless of their size, if a security breach affecting their digital infrastructure would have serious consequences.
Essential entities face the highest level of scrutiny, and noncompliance can result in hefty fines – up to EUR 10 million or 2% of the organization’s annual revenue.
How to comply with NIS2
Compliance with NIS2 involves three key aspects:
- Risk management: You have to conduct an annual supply-chain risk assessment, define roles and responsibilities, maintain a risk register and integrate a threat intelligence feed into your cybersecurity strategy. Threat intelligence is like subscribing to a news service for cyberthreats, and is essential to stay ahead of emerging threats. You also need to document all of your assets and network endpoints – laptops, mobile devices, IoT devices and more – which can be tricky to do. Business continuity measures such as backup management and disaster recovery, as well as crisis management, are also part of the obligations under NIS2.
- Security measures: Security awareness and training are paramount, as human error remains a significant cybersecurity concern. You also have to put technical security measures in place, governed by well-defined policies. Incident reporting is mandatory, with significant incidents requiring immediate notification within 24 hours – usually via a government website, with a follow-up requirement some weeks later.
- Technology deployment: Your underlying technology infrastructure needs to align with NIS2 requirements. This includes securing operational technology (OT) networks, implementing multifactor authentication and adopting a zero trust approach to user identities and credentials.
Are you ready? Ask these 5 questions
With only a year to prepare for NIS2 compliance, organizations must act urgently. However, the global shortage of cybersecurity professionals presents a challenge, and your in-house IT team may not be fully equipped to handle the preparations.
Ask yourself the following questions as part of your planning:
- Does my organization have a CISO? The specialist role of a Chief Information Security Officer (CISO) exists to manage an organization’s information security strategy and practices in order to protect data and systems from breaches. Lacking a CISO’s expertise can be a challenge during NIS2 preparations.
- When last did we conduct a formal and in-depth security assessment? Assessing the maturity of your security involves identifying gaps in your processes and technology, and it’s an essential first step on the road to compliance. This is not a standardized assessment: every industry and every organization is different. Some, such as banks and insurance providers, will already be mature in terms of their cybersecurity, while others may not, for reasons such as a lack of budgets or skilled people.
- Is my digital infrastructure architecture secure by design? This best-practice approach should be followed across all your technological domains, such as your network, OT, multicloud environment and applications.
- Do my employees undergo regular security awareness training? Human error is one of the biggest enemies of cybersecurity. Employees must be continually educated about cybersecurity risks and procedures.
- Have I tested my cybersecurity defenses? Regular penetration testing and red team services – which simulate real-world cyberattacks and other security threats to identify vulnerabilities in your defenses – help validate the effectiveness of your security controls.
How NTT can help
The good news is that NTT, as a global managed service provider with extensive experience in cybersecurity, offers a range of services to support you on your journey to NIS2 compliance.
If you don’t have a CISO, we can provide a cybersecurity expert to fill the role on a part-time basis, ensuring strategic oversight of your security efforts.
Our structured security maturity assessments lead to a clear and prioritized roadmap you can follow to achieve NIS2 compliance. We can help you compile a full inventory of your digital infrastructure and secure it.
Then, we bring your employees up to speed with security through awareness and training programs, and we use techniques like penetration testing to ensure your security measures make the grade.
We’re ready to help your organization navigate the complex landscape of NIS2. Don’t wait until the last minute; start your compliance journey with us today.
Read more about NTT DATA's managed security services, which combine business objectives and security requirements to deliver resilience across your organization’s security lifecycle.