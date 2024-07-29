Vorteilswelt
New EU directive

NIS 2 forces companies to increase cyber security

Nachrichten
29.07.2024 14:00

The EU Directive NIS 2 obliges thousands of companies in Austria to improve their cyber security. Furthermore, member states are obliged to define national cyber security strategies, among other things.

The implementation of the directive's measures could reduce the damage caused by incidents similar to the CrowdStrike outage in mid-July, said cyber security expert Marc Nimmerrichter. "NIS 2 is like wearing a seatbelt in cyberspace," he compared the law, "you are now obliged to buckle up or protect yourself".

"Necessary and sensible"
 Until now, it has been up to companies themselves to decide whether to take risk management measures or accept the risk. According to Nimmerrichter from IT security company Certitude, the EU directive is therefore "necessary and sensible", as failures affect not just one company, but the entire supply chain and trigger a domino effect, particularly in the case of critical infrastructure.

Although the requirements have not yet been transposed into Austrian law, it is clear that companies, especially larger ones, are investing in cyber security as a result of this regulation. Measures in this area usually require months of preparation. "Companies should take action," advises Nimmerrichter.

Nobody has access everywhere
For companies, the directive would mean, among other things, that in future "nobody will always have access everywhere, not even the managing director - that is too great a security risk". Medium-sized (50 or more employees or annual turnover and annual balance sheet total of more than ten million euros) and large companies in several sectors are affected. Small companies may be affected if they are active in the digital infrastructure.

Whether the NIS 2 Directive will be incorporated into Austrian law by October 17, 2024, as planned by the EU, is questionable. At the beginning of July, a legislative proposal failed to achieve the necessary two-thirds majority in parliament.

