Article

Developing cybersecurity capabilities for the EU NIS Directive

Achieving a high common security level of network and information systems in the European Union

European organisations are continuously innovating through technology and digitisation. These innovations bring cybersecurity challenges, especially for operators of essential services and infrastructure. The European Commission has responded by creating legislation, such as the NIS Directive, to tackle these challenges. This paper provides an overview of the implementation of the NIS Directive across Europe, its key stakeholders, and how European organisations can prepare by building the necessary cyber capabilities.

Network and information systems support many of the essential services for the EU society and economy. It is therefore highly important to protect them from a continuously evolving threat landscape. The European Commission has introduced regulatory initiatives concerning the security of network and information systems and the protection of data.


The NIS Directive is among the main legislative initiatives involving all EU member states with the aim of enhancing the overall level of cybersecurity in the European Union.


This paper focuses on the need to develop cybersecurity capabilities in alignment with the NIS Directive. In particular, it highlights how stakeholders such as operators of essential services (OES) across different sectors (e.g. energy, transport, banking, etc.) and digital service providers (DSP) require and prioritise the development of specific cybersecurity capabilities.

  • An overview of the NIS Directive, with a focus on the security and notification requirements for OES and DSPs
  • An account of the NIS Directive developments based on the results of Deloitte’s NIS Directive Compliance Survey
  • An outline of cybersecurity capabilities supporting OES and DSPs to comply with the NIS Directive

Organisations dealing with the NIS Directive in their operational environments can gain useful insights from this paper.

 

 

Developing cybersecurity capabilities for the EU NIS Directive
Did you find this useful?