Cybersecurity isn’t limited to organizations’ own efforts to protect their data and applications. There are also broader regulatory requirements to consider, and these vary by country and region.
In Europe, one such requirement is the Network and Information Systems Directive 2 (NIS2). It’s an updated version of an existing directive, adopted in 2019, which aims to strengthen cybersecurity in the European Union by helping organizations protect themselves against cyberthreats.
NIS2 was officially published in January this year, and EU member states now have until 17 October 2024 to integrate its provisions into their local legislation.
But what exactly is NIS2, and which organizations are affected by it? In this blog, we’ll delve into the key aspects of the directive and explore how we can help you remain compliant.
The scope of compliance has expanded with NIS2
NIS2 is designed to enhance the cybersecurity posture of critical infrastructure and essential service providers by ensuring the security of their network and information systems.
Until now, the directive focused on seven sectors seen as essential: healthcare, transportation, energy, water supply, digital service providers, financial services and digital infrastructure.
Under NIS2, the scope of organizations that have to comply has expanded: NIS2 contains uniform rules for medium-sized and large organizations operating in “very critical” sectors (including energy, transportation, banking, drinking water and government) and “critical” sectors, such as postal and courier services, waste management, chemicals, food and manufacturing. Note that “direct suppliers” of affected sectors should prepare too.
Organizations categorized as “essential” or “important”
The size of your organization (in terms of number of employees and annual turnover) and the industry or sector in which you operate will determine your designation.
Some organizations will be deemed “essential”, regardless of their size, if a security breach affecting their digital infrastructure would have serious consequences.
Essential entities face the highest level of scrutiny, and noncompliance can result in hefty fines – up to EUR 10 million or 2% of the organization’s annual revenue.
How to comply with NIS2
Compliance with NIS2 involves three key aspects:
- Risk management: You have to conduct an annual supply-chain risk assessment, define roles and responsibilities, maintain a risk register and integrate a threat intelligence feed into your cybersecurity strategy. Threat intelligence is like subscribing to a news service for cyberthreats, and is essential to stay ahead of emerging threats. You also need to document all of your assets and network endpoints – laptops, mobile devices, IoT devices and more – which can be tricky to do. Business continuity measures such as backup management and disaster recovery, as well as crisis management, are also part of the obligations under NIS2.
- Security measures: Security awareness and training are paramount, as human error remains a significant cybersecurity concern. You also have to put technical security measures in place, governed by well-defined policies. Incident reporting is mandatory, with significant incidents requiring immediate notification within 24 hours – usually via a government website, with a follow-up requirement some weeks later.
- Technology deployment: Your underlying technology infrastructure needs to align with NIS2 requirements. This includes securing operational technology (OT) networks, implementing multifactor authentication and adopting a zero trust approach to user identities and credentials.
Are you ready? Ask these 5 questions
With only a year to prepare for NIS2 compliance, organizations must act urgently. However, the global shortage of cybersecurity professionals presents a challenge, and your in-house IT team may not be fully equipped to handle the preparations.
Ask yourself the following questions as part of your planning:
- Does my organization have a CISO? The specialist role of a Chief Information Security Officer (CISO) exists to manage an organization’s information security strategy and practices in order to protect data and systems from breaches. Lacking a CISO’s expertise can be a challenge during NIS2 preparations.
- When last did we conduct a formal and in-depth security assessment? Assessing the maturity of your security involves identifying gaps in your processes and technology, and it’s an essential first step on the road to compliance. This is not a standardized assessment: every industry and every organization is different. Some, such as banks and insurance providers, will already be mature in terms of their cybersecurity, while others may not, for reasons such as a lack of budgets or skilled people.
- Is my digital infrastructure architecture secure by design? This best-practice approach should be followed across all your technological domains, such as your network, OT, multicloud environment and applications.
- Do my employees undergo regular security awareness training? Human error is one of the biggest enemies of cybersecurity. Employees must be continually educated about cybersecurity risks and procedures.
- Have I tested my cybersecurity defenses? Regular penetration testing and red team services – which simulate real-world cyberattacks and other security threats to identify vulnerabilities in your defenses – help validate the effectiveness of your security controls.
How NTT can help
The good news is that NTT, as a global managed service provider with extensive experience in cybersecurity, offers a range of services to support you on your journey to NIS2 compliance.
If you don’t have a CISO, we can provide a cybersecurity expert to fill the role on a part-time basis, ensuring strategic oversight of your security efforts.
Our structured security maturity assessments lead to a clear and prioritized roadmap you can follow to achieve NIS2 compliance. We can help you compile a full inventory of your digital infrastructure and secure it.
Then, we bring your employees up to speed with security through awareness and training programs, and we use techniques like penetration testing to ensure your security measures make the grade.
We’re ready to help your organization navigate the complex landscape of NIS2. Don’t wait until the last minute; start your compliance journey with us today.
Read more about NTT DATA's managed security services, which combine business objectives and security requirements to deliver resilience across your organization’s security lifecycle.