Business growth and NIS2 compliance – How to achieve Digital Trust in an essential and critical entity.
For organizations, the increasing awareness of cyber risk, by consumers and regulators alike, doesn’t have to spell trouble. In fact, the current climate could present savvy leaders with a significant growth opportunity. McKinsey research indicates that the organizations best positioned to build digital trust are more likely than others to see annual growth of at least 10 percent.
Ensuring digital trust is a leadership responsibility that crosses domains and functions.
The management bodies of essential and important entities must approve the cybersecurity risk-management measures taken by those entities, oversee their implementation and "can be held liable for infringements."
According to Article 20 of NIS2, Member States shall ensure that the "members of the management bodies of essential and important entities are required to follow training," and shall encourage essential and important entities to offer similar training to their employees on a regular basis, in order that they gain sufficient knowledge and skills to enable them to identify risks and assess cybersecurity risk-management practices and their impact on the services provided by the entity.
According to Article 21 (Cybersecurity risk-management measures), essential and important entities must take appropriate and proportionate technical, operational, and organizational measures to manage the risks posed to the security of network and information systems which those entities use for their operations or for the provision of their services, and to prevent or minimize the impact of incidents on recipients of their services and on other services.