NIS2 Directive: Focusing on Critical Infrastructure Security

Compliance Expert on Readiness, Compliance and Rapid Incident Reporting
Avani Desai, CEO, Schellman

The Network and Information Security 2 Directive focuses on addressing gaps and strengthening the security of network and information systems across the European Union. NIS2 mandates rapid incident reporting and holds senior management accountable for cybersecurity, shifting responsibilities to the board level.

Organizations may be required to comply with NIS2 by October 2024, though for the financial services sector, the regulations will be superseded by the EU's Digital Operational Resilience Act, or DORA, in January 2025.

"The most aggressive timeline that I've seen is the 24-hour incident reporting requirement," said Avani Desai, CEO of Schellman. "This places a huge burden on organizations to have robust detection and reporting mechanisms in place, especially for smaller companies in newly covered sectors."

Desai advises organizations to conduct a comprehensive risk assessment of their current cybersecurity practices and ensure their incident detection and reporting systems are prepared. "Compliance really needs to begin with doing a comprehensive assessment," she said. She also stressed the importance of integrating cybersecurity into governance structures and recommended appointing an EU representative for cross-border companies to meet regional regulations.

In this video interview with Information Security Media Group, Desai discussed:

  • The major changes the NIS2 Directive will bring to the cybersecurity landscape, especially for organizations in critical sectors across the EU;
  • Challenges companies face in preparing for NIS2, particularly with rapid incident detection, reporting and supply chain security;
  • Essential steps EU and U.S. organizations must take now to ensure compliance.

Desai leads Schellman, the largest niche cybersecurity assessment firm in the world that focuses on technology assessments. She has domestic and international experience in information security, operations, P&L, oversight and marketing involving both startup and growth organizations. Desai has been featured in Forbes, CIO.com and The Wall Street Journal and speaks on a variety of emerging topics, including security, privacy, information security, future technology trends and the expansion of young women involved in technology.


About the Author

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.



