Article

The repeal of the Directive on security of network and information systems (NIS2)

The NIS Directive is the first piece of EU-wide legislation on cybersecurity. Its repeal is currently under negotiation and it is expected to enter into force in 2024.With increasing controls from governments and regulators, there is momentum for CISOs to pursue their security objectives. The EU is setting up €2 Billion to support new cybersecurity initiatives aimed at strengthening cyber resilience.

How is the cyber landscape evolving

The COVID-19 pandemic has increased cybersecurity challenges. Providers of
essential services have to face this new reality and are forced to deal with
new threats, as shown by the figures below:

  • An increase of 45% in cyber attacks worldwide to critical
    infrastructure;
  • An expected fourfold increase in the number of cyber attacks
    to the supply chain
    (between 2020 and 2021);
  • New risks of remote work due to a lack of insufficient security measures: +47% of individuals fell for phishing scams in 2020 while 51% of organisations experience shortage of cybersecurity skills.

To increase cyber resilience, the EU is launching new policy initiatives that will
come into force in the next 3 years. The repeal of the NIS Directive will enter into force in 2024 and it is expected to impose stronger requirements to a broader scope of actors. NIS 2 will introduce fines and enforcement, a broader set of mandatory security measures and new incident notification requirements for essential and important entities. Management bodies will have a crucial and active role in approving cybersecurity risks, and non-compliance is punished with fines up to 10M EUR or 2% of the global annual revenue.

Your Focus:

The current landscape pressures organisations to establish capabilities to effectively and efficiently prepare for and manage a cyber crisis. Depending on your maturity and desired capabilities, we see the below activities as focus areas to protecting critical infrastructure and compliance with the NIS Directive and its repeal:

About Deloitte Cyber Services

Deloitte supports a large number of stakeholders in the private and the public sector to enhance their cybersecurity posture as well as to achieve compliance with relevant obligations in view of NIS2. We offer the following services in view of the new compliance requirements of NIS2:

Support from the EU on Policy Implementation

Our Cyber Services, aimed at supporting entities to comply with NIS2, are eligible for (co-)funding by the EU under the Digital Europe Programme (DIGITAL). The budget for the Cybersecurity actions covered by this Work Programme is EUR 269 million distributed as follows:

  • A budget of EUR 177 million for actions related to the “cyber-shield” announced in the EU Cybersecurity Strategy, including Security Operation Centres (SOC);
  • A budget of EUR 83 million for actions supporting the Implementation of relevant cybersecurity EU Legislation;
  • A budget of EUR 9 million for programme support actions, including evaluations and reviews.

In addition, actions supporting the deployment of the Secure Quantum Communication nfrastructures (QCI) are included in the Digital Europe Work Programme for 2021-2022, with an indicative budget of EUR 170 million.

Our experts on DORA can advise you on how to apply for  EU funding to develop actions aimed at strengthening cyber capabilities in the EU cyber community.

Did you find this useful?