Navigating the NIS2 Directive: Essential Cybersecurity Upgrades for Critical Sectors 



The new NIS2 directive will have a big impact on several sectors in Sweden, increasing obligations for risk management, network security, and particularly 24/7 incident reporting. In this blog post we go through the broadened industry scope of the new NIS2 Directive, what it means for preparing your organization’s cybersecurity, and why it is of utmost importance to be ready as cybercrime becomes more common and more aggressive.

What industries are under the NIS2 Directive’s scope?

The NIS2 Directive represents a significant advancement over its predecessor, the original Network and Information Systems (NIS1) Directive. Compared to the NIS1 directive, the NIS2 directive has a broader scope and covers a wider set of sectors. The NIS2 Directive categorizes the sectors it affects into two main groups: “Essential” and “Important” entities.   

The essential entities include: 

  • Energy: Electricity, oil, and gas sectors are considered crucial due to their role in powering other critical services and our economies. 
  • Transport: Mobility and logistics for both people and goods are important cornerstones in our societies, which makes air, rail, water, and road transport important to protect. 
  • Banking: As the backbone of financial transactions and stability, the banking sector’s cybersecurity is vital. 
  • Financial market infrastructures: This includes entities that facilitate financial transactions, such as stock exchanges. 
  • Health: Healthcare providers, including hospitals and clinics, are naturally critical to safeguard against crime. 
  • Drinking water: Ensuring the safety and availability of drinking water is a public health priority. 
  • Waste water: Proper wastewater management is essential for environmental health and public sanitation. 
  • Digital infrastructure: This includes Internet exchange points, domain name system (DNS) services, and top-level domain name registries, which are essential for the functioning of the internet. 

The important entities include, amongst others, postal services, waste management, chemicals, food, manufacturing, digital providers (such as online search engines) and public administration. 

Underestimating the value of proactive cybersecurity

This expansion not only emphasizes the importance of robust cybersecurity measures, but also aims to proactively safeguard critical infrastructure sectors against potential disruptions. We can also expect to learn more about the types of threats that target these entities, given the more stringent incident reporting requirements from these sectors. 

Cyber criminals have already targeted some of these essential societal functions in Sweden. For example, the Sophiahemmet hospital in Stockholm, Sweden, experienced a severe cyber attack in February this year. In this case, no health care equipment was affected, but in a similar, worst-case scenario, patients’ lives could be in danger.

Four tips for complying with the NIS2 Directive

To meet the rigorous demands of the NIS2 directive, organizations need to adopt a strategic approach to strengthening their cybersecurity. These four steps are essential in aligning with the compliance requirements for NIS2 and safeguarding against sophisticated cyber threats: 

Tip 1: An initial needs analysis and mapping of sensitive and protected data within one’s own operations and adjacent organizations.

Tip 2: Access to highly qualified personnel who can monitor and evaluate alarms around the clock, take the necessary actions to stop attacks during serious incidents, and carry out incident reporting within the required 24 hours.

Tip 3: A technical platform with artificial intelligence that can sort through the vast number of alarms generated, thereby providing the necessary conditions for the people who need to handle the attacks.

Tip 4: The ability to process data within the operations and the country’s borders while being allowed to benefit from global trend data.

Organizations must evaluate their cybersecurity frameworks and address gaps in their preparedness to be compliant with the impending regulations. Failure to comply can result in financial penalties of up to 10 million euros or 2 percent of the total annual turnover.

Read more about how to prepare for the NIS2 Directive in our guide here. Reach out to our experts at NTT Security to discuss your compliance needs and discover how our services can support your journey to NIS2 compliance here.


By taking proactive measures and remaining vigilant, we can collectively defend against cyber threats and safeguard sensitive data from exploitation. Let’s prioritize cybersecurity and work together to ensure a safer digital environment for all.