RiskTalk: How to prepare your business for NIS2
The introduction of the European NIS2 Directive presents businesses with a significant challenge in strengthening their digital resilience. In the fourth episode of 3rdRisk’s RiskTalk podcast, three experts discuss the impact and practical implications of NIS2. Jasper Nagtegaal, Director of Digital Resilience at the Dutch Authority for Digital Infrastructure (RDI), shares insights from a regulatory perspective. Willem van der Valk, cybersecurity and privacy expert at Eraneos, offers real-world advice on implementing NIS2. Finally, Bram Ketting, co-founder of 3rdRisk, highlights how companies can collaborate across the supply chain to bolster security.
What is NIS2, and why does it matter?
NIS2 (Directive (EU) 2022/2555), an initiative by the European Union, replaces the original 2016 NIS Directive with stricter requirements for securing network and information systems; member states had to transpose it into national law by 17 October 2024. It applies to a broader range of sectors and establishes clearer obligations for supply chain security, risk management, incident reporting, and the accountability of management bodies. Jasper Nagtegaal explains the directive’s importance: “NIS2 is a boost for Europe’s resilience and a necessary step towards making organisations more robust against cyber threats.”
The three pillars of NIS2: What do they mean for your organisation?
To support businesses in building an effective cybersecurity strategy, NIS2 focuses on three critical areas:
- Supply chain management. Companies must ensure the digital resilience of their entire supply chain, addressing not only internal security but also the standards of their suppliers and partners. Bram Ketting notes: “It’s about creating an ecosystem. By collaborating with suppliers and partners, businesses can build a stronger, more secure network together.”
- Risk management as a core principle. NIS2 emphasises a risk-based approach, encouraging organisations to address vulnerabilities proactively rather than reactively. Willem van der Valk states: “Businesses need to look beyond IT departments and embed risk management across the organisation. This requires both technical measures and a cultural shift.”
- Board-level accountability. The directive requires executive leaders to take an active role in cybersecurity. Boards are expected to make informed strategic decisions and take responsibility for the organisation’s digital resilience. Willem underscores the shift in mindset required: “Cybersecurity is no longer just an IT issue; it’s a company-wide responsibility.”
Practical steps for implementing NIS2
For compliance and risk professionals, effective NIS2 implementation involves these actionable steps:
- Leverage existing frameworks. Businesses with existing measures, such as an ISO/IEC 27001 certification, can use these as a foundation. Mapping current controls and procedures onto NIS2 requirements streamlines the process and shows where the gaps are. Willem advises: “Many organisations have already made progress. It’s often a matter of adjusting these to meet NIS2’s standards.”
- Standardise processes. NIS2’s scope across the supply chain makes standardisation essential for efficiency and consistency. Jasper highlights: “A shared standard benefits everyone. It reduces errors and ensures clarity throughout the supply chain.”
- Engage leadership. Executive buy-in is critical. Leaders need training in risk management and a clear understanding of the required measures. Willem adds: “If boards still see cybersecurity as just an IT responsibility, there’s a fundamental issue to address.”
NIS2: A catalyst for European cybersecurity
NIS2 aims to strengthen the digital resilience of European businesses and minimise the impact of cyber threats. Jasper believes it offers more than just a legal obligation: “NIS2 is a chance for organisations to fundamentally improve their security posture, not just comply with regulations.” The directive represents a vital step toward managing risks holistically. By collaborating with partners and adopting robust measures, businesses can contribute to a safer digital landscape.
Tune in to RiskTalk
Want to understand NIS2’s implications and learn actionable strategies for compliance? Listen to this episode of RiskTalk, where Jasper, Willem, and Bram share insights, practical steps, and real-world examples. Gain the knowledge to protect your organisation and strengthen its digital resilience.