Cybersecurity is crucial in the digital age, and the EU’s NIS2 Directive enhances information security by setting a regulatory framework to protect digital infrastructure. NIS2 is an opportunity for companies to improve their IT risk management strategies. Effective risk management is key to preparing for NIS2.
NIS2 Registration
NIS2 aims for high cybersecurity levels across the EU, focusing on critical infrastructure organizations. In Hungary, the Cybersecurity Act (Act XXIII of 2023) regulates its implementation. Organizations must register with the Supervisory Authority of Regulated Activities (SZTFH) by 30 June 2024, marking the first essential step. Following registration, several additional steps are required to comply with NIS2.
NIS2 Deadlines
- By 30 June 2024: Affected organizations must self-identify and complete the SZTFH 420 form for registration.
- From 18 October 2024: Implement security measures and pay the supervisory fee to SZTFH.
- By 31 December 2024: Sign a contract with a selected auditor.
- By 31 December 2025: The selected auditor conducts the first cybersecurity audit.
Mapping Cybersecurity Gaps – Gap Analysis
Gap analysis is crucial for identifying what needs to be done for NIS2 compliance: it pinpoints cybersecurity deficiencies and provides the basis for an action plan to address them. Organizations with ISO 27001 certification or those compliant with Act L are better positioned but still need to ensure full NIS2 compliance.
Integrating Cybersecurity into Business – Risk Management
Integrating cybersecurity requires coordinated activities to meet NIS2 requirements and manage risks effectively and cost-efficiently. A robust risk management process helps organizations develop best practices for protecting information and systems. This allows management to make informed decisions and investments to reduce risks to acceptable levels. Risk-based prioritization helps tailor measures based on analysis, focusing first on the areas of greatest risk.
Risk Analysis – Preparing for NIS2 Requirements
Risk analysis is a mandatory and useful tool for prioritizing cybersecurity tasks and understanding threat levels. A well-developed risk management plan, aligned with NIS2, not only ensures regulatory compliance but also supports long-term stability and growth. NIS2 and proper risk management present an opportunity for companies to enhance their digital defenses.