Cybersecurity and Directors: how the NIS2 increases your accountability

The NIS2 is coming! This means that not only your organization, but also you as a director must meet strict requirements. This European directive significantly tightens security standards for organizations and makes you personally liable if security measures are inadequate. In this article, we discuss what these obligations mean for you as a director and how you can comply with them in the most effective and efficient way. 

The NIS2 in brief 

The NIS2 is the successor to the 2016 NIS Directive. Due to the increasing number of cyber attacks, the EU wants to strengthen the security level and cyber resilience of organizations with the NIS2. Currently, the Dutch government is in the process of translating the NIS2 directive into national legislation. Read more about this legislation in our article about the NIS2.

Who is covered by the NIS2? 

Compared to the old NIS Directive, NIS2 applies to significantly more organizations. These are characterized by:

  1. Activity in key and important sectors (see figure below)
  2. A minimum of 50 employees, or an annual turnover of more than 10 million euros and a balance sheet total of more than 10 million euros

Note:
An organization may still be considered essential or important without meeting the size criteria, for example when it is critical to the social or economic activity of the Netherlands.

What does this mean for directors?

Your organization is required to have the proper cybersecurity measures in place and to implement them effectively. Are you falling short in this regard? If so, you can be held jointly and severally liable. Indeed, the NIS2 states that it is the responsibility of directors to both approve and monitor security measures.

What does joint and several liability mean? 

Failure to comply, or improper compliance, can lead to legal and financial consequences, such as fines or other penalties. This underlines the need to take an active role in your company's cybersecurity strategy.

Training requirement for directors

As a director, you should have sufficient knowledge to assess cybersecurity risks and understand the impact on your business. This is why NIS2 makes it mandatory for directors to undergo education or training to gain sufficient knowledge and skills. Fortunately, this is easy to organize: with the right training, you can develop the skills to meet regulatory requirements and properly protect your organization in a short period of time.

Where to start?

Now that it is clear that, as a director, you are liable and need to be well prepared to comply with NIS2, the question is: how do you address this? It is mandatory, as mentioned earlier, to undergo training or education on short notice. At Nestor Security, we offer effective and short training to provide you with sufficient basic cybersecurity and NIS2 knowledge and skills. During the training you will be guided by our experienced specialists, who will ensure that you can meet the training requirement of the NIS2. Read more about the training and sign up:

NIS2 Lead Implementer Training