In an increasingly networked world, where digital technologies pervade our daily lives, the security of our digital systems and data is becoming ever more important. Cybersecurity, meaning the protection of computers, networks, programs and data from unauthorized access, is therefore of crucial importance. Nevertheless, according to a survey by the Monitoring Report Wirtschaft DIGITAL Baden-Württemberg, only 75% of company directors concern themselves with this topic, and only 45% of employees are aware of the IT risks associated with cyber attacks. This is despite the fact that, according to bitkom, the estimated annual economic loss for German companies is over 200 billion euros.
Cybersecurity is enshrined in law
The increasing importance of cyber security is therefore also reflected in legislation. German companies are expected to demonstrably improve the protection of their own systems and of their international supply chains against cyber attacks. New cyber security laws also have an impact on companies in Baden-Württemberg. At the end of 2022, the EU published a new directive on network and information security, which must be transposed into national law by October 2024. The introduction of the EU directive NIS-2 thus marks an important milestone in the area of cyber security. The need for NIS-2 arises from the increased threat to critical infrastructures from digital attacks. The directive aims to counteract or prevent such attacks and to strengthen the resilience of companies and organizations against cyber threats.
Companies in many sectors need to take action
As a revised version of the NIS-1 directive, NIS-2 sets stricter cybersecurity standards for companies that operate in certain sectors and meet certain criteria. In particular, this applies to companies with at least 50 employees and a turnover of at least 10 million euros. In Germany, it is estimated that between 29,000 and 40,000 companies are affected by NIS-2. These companies must establish an information security management system (ISMS) in order to meet the legal requirements. These requirements include self-assessment, registration with the competent authority, notification of security incidents and the implementation of a range of security measures such as risk management, supply chain security and an appropriate response to security incidents. Companies are free to decide how they implement this, for example by using digital crisis management software that provides such functions.
For many companies, implementing and monitoring measures to comply with the NIS-2 standards is a complex and time-consuming task that requires resources and investment. The introduction of NIS-2 also affects companies that may have previously paid little attention to their information security.
NIS-2 as an opportunity to strengthen corporate resilience
It is important to understand that the NIS-2 Directive is not only an obligation for companies, but also an opportunity to raise security standards and improve resilience to cyber threats. By implementing effective security measures, companies not only protect their own systems and data, but also help to strengthen cyber security at a European level. The NIS-2 Directive requires close cooperation and coordination between companies, authorities and other relevant stakeholders. Only through a joint effort by all stakeholders can the challenges of the modern world be overcome and a secure and trustworthy digital environment be created.