The NIS2-directive (Network and Information Systems Directive 2) aims to strengthen cybersecurity and resilience across vital sectors and digital services in the EU.
The directive concerns organisations that depend on network and information systems that can be affected by cyber threats, attacks and operational disruptions. It introduces stricter security requirements and reporting obligations for a broader range of organisations, including essential service providers, digital infrastructure and digital platforms.
DBI can assist organisations with:
- Risk analysis
- GAP analysis
- Business Impact Analysis (BIA) and Business Continuity Plans (BCP)
- Development of frameworks for information security policies, including crisis management and crisis communication
- Emergency management planning
- Recovery plans
- Employee training
- Crisis management exercises
Who is covered by the NIS2-directive?
NIS2 covers sectors including energy, transport, banking, healthcare, digital infrastructure and public administration. Suppliers and subcontractors to these sectors may also be affected by the directive’s requirements.
Minimum NIS2-directive requirements for your organisation
- Management commitment:
Requirement for leadership/management to engage directly in cybersecurity management.
- Risk analysis and assessment:
Extensive and regular assessment and management of cybersecurity risks.
- Incident reporting:
Reporting cybersecurity incidents to national authorities.
- Security measures:
Security measures to protect networks and information systems.
- Cyber hygiene and awareness:
Basic security measures such as regular system updates, strong passwords, multi-factor authentication, and security awareness training.
- Information security policy:
Implementation of an information security policy based on the company's specific circumstances.
Standards
A good starting point for achieving compliance is working according to IEC standards, as they support the NIS2 Directive's goal of improved cybersecurity.
- ISO/IEC 27001 focuses on the overall structure.
- ISO/IEC 27002 provides guidance on security practices and controls.
- ISO/IEC 27005 helps identify, assess, and address security risks.
These standards help organisations implement effective security measures and risk management, which is essential for meeting NIS2 requirements.
We can help you protect people, operations and assets
Karin works with a dedicated team of safety and security specialists to help organisations strengthen resilience, manage disruptions and support continuity across critical operations.
Karin Castro
Head of Security
Related news
New research: 5 things SMEs should know about resilience
Many small and medium-sized enterprises (SMEs) say they do not work with resilience. But new research shows that SMEs focus more on resilience than they realize – and also highlights which approaches and resources make a difference. Here are 5 insights from a new PhD thesis by Thuva Kandasamy from DBI – the Danish Institute of Fire and Security Technology.
We should protect ourselves against serious cyber threats
As a digital frontrunner, Denmark is extremely vulnerable to the growing cyber threats that we see examples of every day. A new report maps specific threats and presents recommendations based on experiences from both Denmark and Ukraine.
CER: Control employee access and check their background
Employees should only have access to areas and systems relevant to their work. And trusted employees should also undergo background checks. Here, DBI shares useful advice on managing employees and performing background checks. What does employee management mean under the CER Act?
CER: Handle incidents effectively with a contingency plan
The core requirement of the CER Directive regarding incident management is to conduct a risk assessment and develop a contingency plan. DBI’s security advisors offer useful guidance.
5 things your business can learn from the power outage in Spain
The power outage in Spain and Portugal in April lasted up to 18 hours. How long – and how well – can your business operate without electricity? DBI’s resilience expert, Jesper Florin, offers valuable advice on emergency planning and strategies for maintaining operations during a power outage.
CER: Find and close the gaps to limit access to your business
The CER Directive on the Resilience of Critical Entities requires that companies within critical infrastructure have adequate physical security. However, the directive doesn’t specify how to implement it. Jesper Florin, head of DBI’s Security and Resilience Department, provides the answers.
CER directive: Timely diligence reduces risks
Companies within critical infrastructure must prevent incidents, as prescribed by the EU CER directive. Andreas Norstedt, a security advisor at DBI – the Danish Institute of Fire and Security Technology, provides guidance on how to approach this.
NIS2: How to Maintain Operations if a Crisis Strikes
By 2025, companies must comply with the requirements of the EU NIS2 directive. Here, DBI (Danish Institute of Fire and Security Technology) explains how to meet these requirements and what Business Continuity Management (BCM) involves.
CER Directive to strengthen critical infrastructure in the EU
An EU directive aims to improve companies in selected sectors in preventing, managing and recovering from hybrid attacks, natural disasters, terrorist threats and public health crises. The requirements may also include subcontractors.
New EU directive tightens cyber security requirements
The EU’s new NIS2 Directive has come into force. It tightens the requirements for cyber and information security, and requires a holistic, risk-based approach for companies. Many more companies will now be considered to constitute critical infrastructure due to their role as subcontractors.
Terms of use of the DBI website
Copyright © All material on DBI's website is protected by copyright law. If you are in any doubt about how to use our material, feel free to contact us at dbi@dbigroup.dk.
Copyright © All material on DBI's website is protected by copyright law. If you are in any doubt about how to use our material, feel free to contact us at dbi@dbigroup.dk.
