If your organization is already ISO 27001 certifiied, you’re part way to becoming NIS2 compliant
Find out how Veeam can help fill the gaps in your cybersecurity and support your NIS2 compliance journey.
Are You Ready for NIS2?
The Network Information Security Directive (NIS2) is designed to strengthen the cybersecurity posture of EU critical infrastructure entities or industries to meet basic compliance requirements.
What differentiates NIS2 from its predecessor is that compliance spans the entire third-party supply chain and most importantly, it could mandate personal liability to corporate management and executives for non-compliance.
NIS2 takes information security to the core of national security.
EU Member States have until 18 October 2024 to transpose NIS2 security requirements into their national laws, so it’s important to act now.
Whitepaper
The NIS2 Directive – what to know and how to prepare
Veeam solutions can contribute to businesses becoming NIS2 compliant by providing them with reliable and secure backup, recovery, and data management capabilities.
NIS2 in a Nutshell
The NIS2 directive is built on two main pillars to strengthen cybersecurity and overall resilience
Duty of Care
Organizations are required to implement robust risk management and business continuity measures to minimize cyber risks and impact. This includes incident management, securing the supply chain, enhancing network and access control security, encryption, system recovery, emergency procedures, and establishing a crisis response team.
Duty to Report
Essential entities are mandated to establish processes for promptly reporting significant security incidents, with specific notification deadlines, such as a 24‑hour ‘early warning’ system. NIS2 also significantly emphasises corporate accountability, requiring management to be actively involved in and knowledgeable about the organization’s cybersecurity measures.
Greater consequences
Penalties for non‑compliance are severe
The NIS2 Directive requires companies to plan and strengthen their cybersecurity, to communicate with supervisory bodies and report breaches with greater transparency.
Fines vary depending on whether an industry or entity is defined as “Essential” or “Important”.
- Directors and Management could be held personallyliable for failures in implementation and compliance
- Essential Entities could face fines up to €10 million or 2% of total turnover
- Important Entities could face fines up to €7 million or 1.4% of total turnover
- Regulators may suspend business operations if critical to network security
Understand the Cybersecurity Landscape
76%
of organizations have data protection gaps*
74%
of organisations protect their Microsoft 365 data*
3out of4
organizations suffered at least one ransomware attack in the preceding twelve months*
*Source: Veeam Data Protection Trends Report 2024
Did you know
Who is Affected?
Understand if your business falls under the NIS2 scope and gain clarity on the implications of non-compliance.
- Organizations with 50 or more full time employees
- Fines vary depending on whether a company is defined as “Essential” or “Important”
Essential or Critical Infrastructure Industries
≥250 FTE or ≥€50M annual turnover or balance sheet of ≥€43M
Fines for non-compliance
Up to €10 Million or at least 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher
Banking
Business & Finance
Digital Infrastructure
Drinking Water
Energy
Health Sector
Public Administration
Space
Transport
Waste Water
Important Industries
≥50 FTE or ≥€10M annual turnover or balance sheet of ≥€10M (or 2% of worldwide sales)
Fines for non-compliance
Up to €7 Million or at least 1.4% of the total annual worldwide turnover of the preceding financial year, whichever is higher
Chemical
Manufacture, Production & Distribution
Digital Providers
Food
Production, Processing & Distribution
Manufacturing
Postal Services
Research
Waste Management
Remember
NIS2 could also apply to non-EU countries
NIS2 not only spans the entire supply chain, but also includes additional segments. Even non-EU countries such as the UK and Switzerland, who are not implementing NIS2 or bound by EU legislation, could be affected.
Cybersecurity and Resilience Makes Business Sense
Many organizations are either unaware of the pending 18 October 2024 NIS2 compliance deadline or burying their heads in the sand. Be in the know.
Overview
- Two groups of industries or entities have been identified, with tiered obligations to strengthen cyber security
- Organizations will be subject to greater government oversight
- Greater penalties will be faced by organizations and their supply-chains for non-compliance
- Non-EU countries that have IT operations within the EU will be required to comply to the directive
- Executive Management will be held personally liable for cybersecurity breaches
Fill the gaps in your cybersecurity with Veeam
We enable organizations to complete their cyber resiliency strategy with the best‑in‑class data security, data recovery and data freedom.
Data Security
Multi‑layered protection designed for peace of mind across the hybrid cloud.
- Proactive threat hunting
- Immutability everywhere
- Secure access
Data Recovery
Fast, reliable recovery when you need it, where you need it.
- Recover fast with precision
- Secure, automated orchestration
- Avoid reinfection
Data Freedom
Protect all your data, anywhere, any way, with zero lock‑in.
- Broad workload coverage
- Infrastructure observability
- Multi‑cloud mobility
Find out how Veeam can help fill the gaps in your cybersecurity and support your NIS2 compliance journey.
