New EU Directives: A Guide to Cybersecurity

EU Directives: NIS2 and DORA

NIS2 and DORA: How Companies Are Preparing for the New Cybersecurity Standards

With the new EU directives NIS2 and DORA, companies face major challenges in the area of cybersecurity. These regulations are designed to ensure stricter security and will take effect shortly. To help companies comply with these directives, Trend Micro has updated its legal guide.

What are NIS2 and DORA?

NIS2 Directive:
Starting in October 2024, companies in sensitive sectors such as public administration, banking, and digital services must comply with the NIS2 Directive (Network and Information Security Directive). This directive aims to improve network and information security in the EU.

DORA (Digital Operational Resilience Act):
Starting in January 2025, DORA will become mandatory for companies in the financial sector. This regulation is intended to strengthen the operational resilience of financial service providers and ensure that they are resilient to cyberattacks.

Legal Guide by Trend Micro

Trend Micro has released an updated edition of its legal guide, “Cybersecurity and IT Compliance in the Enterprise,” to help companies implement the new guidelines. The guide provides comprehensive information on the new requirements and answers relevant questions.

Richard Werner, Security Advisor at Trend Micro, explains: “NIS2 and DORA raise many questions. Our guide helps decision-makers gain greater security and make the right decisions—especially when it comes to cloud-based security solutions.”

Contents of the Guide

  • GDPR Compliance: Information on complying with the General Data Protection Regulation when using cybersecurity solutions.
  • C5 Criteria Catalog: Explanations of the security requirements for cloud services as defined by the BSI (Federal Office for Information Security).
  • Practical examples: Illustrating the new requirements using real-life scenarios.
  • Data Protection and Data Sovereignty: Answers to questions about the protection of personal data and data sovereignty when using cloud solutions.

New Responsibilities of Management

NIS2 imposes new responsibilities on company management. CEOs must integrate cyber risk management into their overall risk management framework and are responsible for implementing cybersecurity measures. This also entails personal liability in the event of non-compliance with legal requirements.

Requirements of the NIS2 Directive

  • Cyberattack Detection Systems: Implementation of systems for the early detection of cyberattacks.
  • Processes for rapid response: Establishing processes to enable a rapid response to cyberattacks.
  • Mandatory reporting: Security incidents must be reported to the BSI within 72 hours.
  • Threat analysis: The ability to continuously monitor and assess the current threat landscape.

Conclusion

The new EU directives NIS2 and DORA present significant challenges for businesses, but they also offer an opportunity to significantly improve cybersecurity. With Trend Micro’s updated legal guide, businesses can better understand and implement the new requirements to protect themselves against cyberattacks and comply with legal obligations.
