Although the Network and Information System Regulations 2018 is aimed at Operators of Essential Services (OES), it will also have significant implications for many of their suppliers.
NIS now in force
The EU’s Network and Information System Regulations 2018, which came into effect on 10th May, aims to raise the overall level of cybersecurity across the EU.
Attacks on essential services pose a risk of significant damage and disruption to the UK’s infrastructure and economy, and the NIS looks to bring a greater degree of scrutiny and accountability to policies, procedures and practices employed by organisations in protecting their systems and their data.
Businesses and organisations covered by NIS will have to ensure they have appropriate security measures in place to protect networks and data against cyber security incidents. They will also need to report serious incidents to regulators.
The maximum financial penalty for non-compliance – including failure to cooperate with the relevant competent authority, to report an incident or to implement appropriate security measures – is £17 million.
What does this mean for you?
Our latest briefing paper provides an overview of what the NIS might mean for you and who is affected, along with details of the Cyber Assessment Framework and the focus on supply chains.
If you would like to read our latest briefing paper, you can do so using the link below: