Security and compliance with Arcserve

The EU’s NIS 2 directive: Discover what will change for you and how to prepare now

07.29.2024

Cybersecurity has become a crucial issue in our interconnected world. To protect companies’ IT infrastructures from these growing threats, the European Union has implemented directives aimed at strengthening the security of networks and information systems. The latest, the NIS 2 (Network and Information Systems) Directive, represents a significant evolution in this field.

The NIS 2 Directive aims to strengthen the level of cybersecurity across the economic and administrative structure of EU member countries. It introduces legal, technical, and organizational measures to raise the overall level of cybersecurity and increase the operational resilience of regulated entities. These measures are designed to address the growing challenges posed by cyber threats, particularly in key sectors of our societies such as energy, transportation, financial services, healthcare, digital infrastructures, and water supply.

Comparison with the Previous NIS Directive

While the first NIS directive, dating from 2016, aimed to protect major economic players in the EU, NIS 2 expands the scope of concerned entities and sectors. It also introduces more tailored requirements to cope with the constantly evolving cyber threats. Thus, it provides a more comprehensive framework for protecting networks and information systems.

Affected Businesses

The NIS 2 Directive concerns a wide range of entities, classified into two main categories: essential entities (EEs) and important entities (IEs). This classification is based on criteria such as the criticality of the activity, the size, and the turnover of the companies.

Affected Sectors

The scope of the NIS 2 Directive is extensive, covering 18 critical sectors. Among these are:

  • Waste and water management.
  • Public administrations,
  • Energy infrastructures,
  • Healthcare services,
  • Banking and financial sectors,

These sectors play a vital role in our society, and their protection is essential to ensure the smooth functioning of the economy and public services.

Obligations for Companies from October 17, 2024

Regulated companies under this directive must comply with a number of obligations to ensure the security of their networks and information systems, in accordance with the NIS 2 directive, which must be implemented by October 2024:

  1. Sharing information with competent authorities, such as the ANSSI (French National Cybersecurity Agency), and regularly updating this information.
  2. Cyber risk management, involving the implementation of legal, technical, and organizational measures to protect networks and information systems.
  3. Reporting security incidents to ANSSI and providing reports on the situation’s evolution.

Sanctions for Non-Compliance

The NIS 2 Directive provides for financial penalties proportional to the severity of the breach, which can go up to a percentage of the global turnover of the concerned entities (2% for EEs and 1.4% for IEs). These sanctions aim to ensure compliance with the obligations imposed by the directive and to deter negligent behaviour in cybersecurity.

How Arcserve Can Help Companies Comply with NIS 2

To comply with the requirements of the NIS 2 directive, companies can rely on advanced technological solutions from Arcserve. Beyond solutions, personalized advice and support are equally essential to ensure a smooth transition and effective compliance. Arcserve offers a comprehensive range of backup and disaster recovery solutions, which are crucial for the protection and resilience of information systems. Here’s how Arcserve can support you in implementing compliance with the NIS 2 directive:

  1. Cyber Risk Management: Arcserve offers automated backup and data replication solutions, ensuring that critical information is protected against cyberattacks and data loss. These solutions allow for quick restoration of systems in case of an incident, minimizing operational impact.
  2. Information Sharing and Compliance: Arcserve’s centralized management tools allow real-time monitoring of data integrity and generate detailed reports. These features facilitate the sharing of required information with competent authorities, in compliance with NIS 2 obligations.
  3. Incident Reporting and Response: Arcserve provides early threat detection and automated response solutions, enabling companies to quickly detect security incidents and take immediate corrective actions. These capabilities are essential for complying with NIS 2’s incident reporting requirements.
  4. Training and Awareness: In addition to technological solutions, Arcserve offers cybersecurity training and awareness programs, helping companies to strengthen their security culture and better understand the risks and regulatory obligations.

By integrating Arcserve into their cybersecurity strategy, companies can not only comply with the requirements of the NIS 2 directive but also significantly improve their resilience to cyber threats.

The NIS 2 directive represents an important step in the fight against cyber threats in Europe. By strengthening the security of networks and information systems, it helps protect the economic and strategic interests of the EU. From October 17, 2024, the concerned companies must be ready to meet the obligations imposed by the directive and work closely with competent authorities to ensure robust and resilient cybersecurity. Arcserve supports, advises, and provides you with the adequate solutions to effectively and easily implement this directive.

To find out more, join us for our webinar on Thursday, September 5, 2024 at 10am.


Not available on September 5? Contact us today to benefit from our expertise and personalized support in your transformation towards NIS 2 compliance. Our team is here to help you secure your operations and protect your sensitive data.