The NIS2 legislation forces companies to examine their security approach and opt for a holistic approach, where organizations no longer approach their cybersecurity as separate components.
NIS2 is high on the agenda, but many organizations still lack the sense of urgency to take real action. While the European directive is already in force in Belgium, and its introduction in the Netherlands is also irrevocably approaching, many companies are still postponing their security approach due to a lack of time, knowledge, and budget.
“Many companies will only sound the alarm when it is too late, but then it will cost much more money,” says Gijs Reijns, Product Manager at Copaco Netherlands. Together with his Belgian counterpart, Warre De Boever, Internal Sales at Copaco Belgium, we examine the NIS2 situation in both countries.
Urgency is lacking
NIS2 is a much-discussed topic, but not all companies are compliant with this legislation yet. According to De Boever, this is partly due to a lack of time and high costs. “Security is still too often seen as a major cost, it requires a lot of time and extra manpower within a company.”
Moreover, he emphasizes the lack of a sense of urgency. “There is still too little urgency among companies, which means that they are more likely to postpone the necessary measures. These companies have often not yet experienced any major security incidents or cyber attacks,” he says.
Consultants can strengthen the urgency surrounding NIS2.
Gijs Reijns, Product Manager bij Copaco Nederland
De Boever further notes that we are in an interim period. “No concrete enforcement or control is being carried out yet,” he says. “Sanctions such as the cessation of activities and disclosure of non-compliance are not yet being felt. That gives companies the feeling that they still have time, while the obligations do already exist.”
Holistic approach
The high costs and lack of time and knowledge are related to the great complexity involved in securing a company. Beijns notes that companies do not always have a clear overview of their digital security. “A company that, for example, focuses heavily on data management must know where the data is located, how often it is shared and who can access it.”
This complexity and risks are further increased by the use of modern tools, such as AI. Reijns sees that organizations, for example, are working extensively with Copilot and sharing sensitive data, without being sufficiently aware of the risks. “If you don’t have a grip on who can see or use what, you run the risk of data leaking out undesirably.”
read also
United Front against Cyber Threats: how we get SMEs on board the NIS2 train
According to De Boever, cybersecurity is complex because it consists of various aspects. “Effective security starts with a good foundation: securing data, solid network and endpoint security, and properly regulating access security, for example through multi-factor authentication,” he says.
“I strongly believe in a holistic approach to security. With the right security solutions, organizations can create an overview by centrally managing and continuously monitoring these components, allowing deviations to be detected more quickly.”
Netherlands vs. Belgium
NIS2 is a European directive. This means that all European countries can decide for themselves when the directive is incorporated into legislation and thus officially takes effect. The gentlemen notice a clear difference in pace between the neighboring countries of the Netherlands and Belgium.
“NIS2 is much less of an issue in the Netherlands because the legislation is not yet in force,” Reijns knows. “Large organizations know it’s coming and are working on it, but for small companies that’s not a priority at the moment.” De Boever adds: “With the current political situation, it is not easy to incorporate the NIS2 guidelines into legislation in the Netherlands.”
Everything is already well packaged in Belgium and we are then trying to take it over in the Netherlands.
Gijs Reijns, Product Manager bij Copaco Nederland
He also notes that although the legislation has already been in force in Belgium for one year, there is still uncertainty among companies. “The extent to which organizations are working on it also depends on their size. Large organizations have been working on this for a long time, but there is still more work to be done for SMEs.”
Benefit of a partner
Within the entire NIS2 and security landscape, Copaco aims to position itself as a reliable partner. “We guide clients based on awareness and knowledge sharing. What are the regulations, what should you pay attention to, and how do you become compliant? These are questions we answer together with the client,” says Reijns. Consultants work with the end client to take the right steps to become NIS2 compliant.
“The most important thing is that NIS2 is not a checklist,” emphasizes de Boever. “It offers IT companies opportunities to develop into a strategic business partner for their end customers, with the aim of better protecting them and making them more resilient against cyber risks.”
This editorial piece was created in collaboration with ITdaily partner Copaco. To inform companies about NIS2, Copaco has set up a podcast. In this way, the company wants to share its knowledge and experience, as well as increase awareness about NIS2. Using various cases, companies learn how to make their security more mature. Click here for more information.