For three good reasons. First, to prevent a breach that can lead to significant financial costs, loss of sensitive data and reputational damage. Second, to ensure that you comply with upcoming cybersecurity regulation to which more organizations will be subject. Third, investing in cybersecurity up front is cheaper than repairs afterwards, and quick fixes may not fit your overall business strategy. To help you and your board protect your most important assets, we have answered seven essential questions about cybersecurity. The article continues in English.
Violating cybersecurity regulations can lead to substantial fines and liabilities. Under the new NIS2 Directive, management bodies can be held liable for a failure to implement the required security measures.
Failing to implement appropriate security measures in compliance with the NIS2 Directive or the GDPR may lead to fines of up to EUR 10 million or up to 2% of total worldwide annual turnover (NIS2), or up to EUR 20 million or up to 4% of total worldwide annual turnover (GDPR), whichever is higher.
Data subjects who have suffered damage because of a GDPR violation are entitled to compensation. Additionally, contracting parties may claim damages for non-compliance with contractual confidentiality provisions.
Get to know your Chief Information Security Officer (CISO) better – or if you don’t have one, hire one. Learn from each other, so that the board has a better grasp of cybersecurity, and the CISO has a clear understanding of your business strategy and goals. It’s also a good idea for the whole board to become more cyber aware by taking a course in cybersecurity – especially as under the NIS2 Directive (management) board members will be legally required to approve cybersecurity risk-management measures and oversee their implementation.
Ask your CISO to conduct a high-level risk assessment, or to provide a recent one. This will highlight potential security threats and enable you to prioritize security investments that mitigate those threats based on their potential impact on the organization.
Given the increasingly complex cybersecurity regulatory environment in the EU, it is hard for anyone without legal expertise to know. We can provide a high-level overview of the laws relevant to your company and advise on what action may need to be taken to ensure compliance, now and in the future.
To achieve:
More effective protection of key assets through a structured risk-based prioritization of key controls.
Heightened customer and partner trust.
Reduced risk of enforcement action by supervisory authorities, or mitigation of fines in the event of a violation.
Perform a broad self-assessment with a team of subject matter experts (e.g. legal, compliance, risk, IT). Make sure you include your suppliers and chain partners in your self-assessment, as outages in your ecosystem may impact your business and adversaries may gain access to your systems via a vulnerability in a system of one of your suppliers.
Stay informed on developments inside and outside your company. Internally, ask your CISO to provide regular metrics reports that measure, assess and improve the performance and maturity of your security program. Combine these reports with context from the CISO and subject matter experts on incidents within the company's ecosystem. Externally, keep up to date with substantial changes in the threat landscape and with regulatory developments.