The Network and Information Security Directive (NIS) is on the last lap to becoming law throughout Europe. Given the rise in major cybersecurity threats to business, infrastructure and the financial community, the Directive is aimed at requiring 'essential service' and digital service providers (i.e. energy, transport, banking, health and cloud providers/online search engines) to up their game when it comes to protecting against cyber threats.
The threats can come from a variety of sources, from criminal gangs to terrorist cells, each having highly trained and experienced hackers to call upon to attack critical systems.
The effect of the Directive will be to impose specified levels of security on the 'essential service providers' while also requiring mandatory reporting of cyber attacks.
The timescale for implementation is now likely to be sometime in August this year. Organisations that are likely to fall within the 'essential service' or digital service provider remits should be ensuring that they are aware of and aligned with the Directive's requirements, in particular in respect of the levels of security employed and their ability to comply with the proposed notification processes.
The EU cyber security directive has passed the penultimate hurdle in its progress towards implementation across Europe.