Italy
Nije pronađen nijedan artikal.
Nije pronađen nijedan artikal.
Cybersecurity
Sve objave

NIS2; risks and opportunities for businesses

autori

Fabio Borri
Nije pronađen nijedan artikal.

Sadržaj

Ja ću biti URL za kopiranje

Introduction and regulatory references


NIS is an acronym that stands for "Network and Information Security".

With this acronym; the European Community intended to denote the legislative effort to define a standardised approach to cyber security in all EU Member States.

In 2018; the first European regulation called NIS1 (EU Directive 2016/1148) was passed; transposed at national level by Legislative Decree 65 of 18/05/2018.

The NIS Decree also provided for the adoption of a 'national cyber security strategy' by establishing the Italian CSIRT (Computer Security Incident Response Team) with technical tasks related to the prevention; response and monitoring of cyber incidents; in collaboration with European CSIRTs.

NIS1 was subsequently superseded by NIS2 (EU Directive 2022/2555); transposed at national level by Legislative Decree 138 of 4 September 2024.

NIS 2 aims to overcome the limitations of NIS 1; which left too much discretion to Member States during transposition; resulting in a failure to achieve the objective of harmonisation; and also excluded certain categories of entities that should have been regulated because of their importance to the European market.

Furthermore; NIS2 was introduced to respond to the increase in the rate of digitisation that has taken place in all Member States and has been accelerated by the pandemic; which has expanded the surface area for cyber attacks without a corresponding increase in security systems.

Finally; another objective of NIS2 is to oblige operators of essential and important services and digital service providers to adopt adequate security measures and to report incidents promptly to the competent authorities and users of their services.

The new directive has been aligned with other specific European sectoral regulations; including:

- the Directive on Digital Operational Resilience for the Financial Sector (DORA). This is the Regulation approved on 10/11/2022 with the aim of increasing security measures in favour of the resilience and cybersecurity of the financial sector through the implementation of a series of mandatory security measures that guarantee the integrity of information and the cybersecurity of services;

- the Critical Entity Resilience Directive (CER); aimed at ensuring legal clarity and consistency between the various directives.

The companies concerned have been divided into:

  • Essential entities (energy; transport; health; water supply; public administration; finance; space; digital infrastructure)
  • Important entities (research; chemicals; food; industrial production; digital providers; postal services; waste)
  • Public bodies: Central government (constitutional and constitutionally relevant bodies; the Prime Minister's Office and ministries; tax agencies; independent administrative authorities) | Regional government (regions and autonomous provinces) | Local government (metropolitan cities; municipalities with > 100;000 inhabitants; regional capitals; local health authorities) | Other public entities (economic regulatory bodies; economic service providers; associations; welfare; recreational and cultural service providers; research bodies and institutions; experimental zooprophylactic institutes) | Other types of entities (entities providing local public transport services; educational institutions carrying out research activities; entities carrying out activities of cultural interest; in-house companies; investee companies and publicly controlled companies)
  • Suppliers: organizations that provide critical services to entities affected by NIS2 must strengthen their digital security; even if they are explicitly included in the mandatory sectors.

Content of NIS2


The general obligations inherent in the content of NIS2 can be summarised on the basis of four main pillars:

Governance: Management must approve the risk management measures adopted by the organization and assess their effectiveness over time: follow regular training on cybersecurity issues and offer similar training to employees.

Risk management: the organization must assess security and network risks and adopt appropriate and proportionate technical; operational and organisational measures to prevent or minimise the impact of incidents on the recipients of its services.

Business continuity: the organization must adopt solutions to ensure business continuity (e.g. backups; disaster recovery plan and crisis management procedure); aimed at minimising the impact of any interruptions to the services provided.

Supply chain: the company must assess the vulnerabilities of each direct supplier and the overall quality of its suppliers' products and cybersecurity practices. The assessment will cover ICT suppliers and other critical suppliers that could cause disruption to the service for which the organization has been included in the NIS2 perimeter.

Companies will therefore be required to be able to measure and report on:

  • Risk analysis and information system security policies
  • Incident management procedures
  • Business continuity solutions (backup and disaster recovery) and crisis management and communication procedures
  • Supply chain security policies (suppliers and service providers)
  • Security in the acquisition; development; maintenance and management of information system and network vulnerabilities

NIS2 Timeline


Companies and public administrations will have to carry out an assessment to understand whether or not they are subject to the obligations of the NIS2 Directive.

From 1 December 2024 to 28 February 2025; companies should have authenticated themselves on the ACN (National Cybersecurity Agency) Portal using their SPID credentials. During this period; users designated as contact points for each company should have completed a declaration via the NIS/Registration Service.

In particular; companies are required to:

  • Indicate whether the entity is part of a group of companies and provide the tax code of the parent company; if applicable.
  • List the related companies and provide their tax codes.
  • List the ATECO codes describing the entity's activity.
  • Indicate the relevant European Union sectoral regulations.
  • Provide turnover; balance sheet and number of employees figures to determine the category of the company.
  • List the types of entities to which the company belongs.


By 17 January 2025; operators of top-level domain name registries; providers of domain name system and domain name registration services; cloud computing; data centers; content delivery network providers; managed service providers; managed security service providers; as well as online marketplace providers; online search engine providers and social networking service platform providers should have registered on the platform.

By 31 March 2025; the ACN compiled a list of essential and important entities based on the registrations received through the platform.

Between 1 April 2025 and 15 April 2025; the ACN notified the entities concerned whether they had been included in the list of essential or important entities.

By 15 April 2025; the entities that received the notification were required to appoint; by means of a specific act; an entity responsible for fulfilling the obligations of the decree.

After that; the entities affected by the Directive will have to comply with further requirements:

  • by 1 January 2026; incident reporting obligation
  • by 1 October 2026; obligations regarding administrative bodies and security measures must be fulfilled


Each year; the ACN will update the list of entities involved. Companies and public administrations will have the opportunity to register each year; between January and February; if they consider themselves to be among the entities concerned.

Risks for companies but also opportunities


Following the entry into force of NIS2 and the identification of the operators involved; the competent authorities may carry out surveillance and spot checks to verify their compliance with the Directive. In the event of non-compliance; penalties will be applied to the companies involved.

The penalties are very severe: for large companies; up to €10 million or 2% of global turnover; for medium-sized enterprises; up to €7 million or 1.4% of global turnover.

Although compliance with the regulations requires a clear effort and investment on the part of companies; it must also be recognized that the regulations themselves seek to provide a substantial remedy to the problem of cyber attacks; to which Italian companies are still very susceptible and which they often tend to cover up for image reasons. In economic terms; the estimated average damage for each individual cyber attack is more than €2 million; regardless of the company's turnover.

How ERA can help with NIS2 compliance management


Despite all of the above; which might suggest that companies are extremely interested and involved in cyber security issues; it is not uncommon; especially among small SMEs; to find companies that have done little or nothing about these issues and are currently unable to define their position in terms of the risks to which they are exposed; both from a technical point of view and in terms of compliance with the various existing regulations.

Some companies address the issue of cybersecurity through insurance coverage. However; insurance companies are often reluctant to offer this type of protection to companies that have never taken concrete action in the cyber sphere. This is because there is no reliable method for accurately estimating the damage caused by a cyber attack. As a result; 'NIS2 packages' focus on cyber risk assessment services; but leave it up to companies to take the necessary measures to address any gaps. ERA can offer a more comprehensive service; relying on a network of highly qualified suppliers at very competitive commercial terms.

In detail; ERA's support consists of:

  • An assessment of the company's organisational and technical structure; with the aid of self-assessment questionnaires using predefined indicators;
  • Awareness-raising and training courses; with basic courses for all staff and advanced modules for top and middle management; in line with NIS2 guidelines;
  • Specific and highly qualified tests on vulnerability analysis; phishing treatment and ransomware risk assessment;
  • Support from dedicated consultants during the remediation phase following the assessment;
  • Specialised support from dedicated consultants to guide strategic decisions in the field of cybersecurity.


Our solution includes analysis of compliance with NIS2 regulations; which is certainly the most urgent concern; but can also accompany the customer in the project management of the remediation phase; i.e. the phase in which the customer must remedy the various 'flaws' identified in the diagnosis process; and is the phase in which the difficulties of some companies are most apparent; both in terms of internal skills and the availability of time and resources.

Povezani članci

Možda će vam se svidjeti i

Uvidi

Barometar upravljanja troškovima za 2025. godinu: Izdanje za maloprodaju i veleprodaju

Uvidi

SORP 2026: Šta dobrotvorne organizacije trebaju znati i kako se pripremiti

Uvidi

Praznina u nadzoru: Kada je optimizacija troškova „već pokrivena“

Uvidi

Skriveni troškovi u raspodjeli naknada za usluge: Šta finansijski direktori trebaju razumjeti kao zakupac

Uvidi

2025. godina završena: Troškovi, složenost i put do 2026. godine

Uvidi

Tržišna inteligencija 2026.1

Uvidi

ERA Grupa se pokreće u Indiji!

Uvidi

Tražilica goriva: Alat za transparentnost ili poticaj profita?

Uvidi

Kako izgraditi otporno digitalno jezgro

Uvidi

Vještačka inteligencija u nabavci: Pretvaranje finansijske inteligencije u strukturnu prednost

Uvidi

ERA Grupa imenuje Marcela Lala za novog globalnog direktora za razvoj

Uvidi

Obavještajni podaci o troškovima u akciji – Zdravstvo

Uvidi

Smanjenje profita nakon vrhunca: Prioriteti za izvršne direktore i finansijske direktore maloprodaje u prvom kvartalu

Uvidi

Više od otpornosti: Priručnik za rast lanca snabdijevanja za 2026. godinu

Uvidi

Troškovi proizvodnje, troškovi transporta: Proizvodnja u svijetu visoke energije vođenom tarifama

Uvidi

Otporna (ali i dalje neizvjesna) svjetska ekonomija

Uvidi

Zašto lideri neprofitnih organizacija moraju postići više s manje – i to dokazati

Uvidi

Od ugovora do prednosti: Kako lideri pretvaraju ugovore s dobavljačima u motore za poboljšanje performansi

Uvidi

Izvršna direktorica BNI Globala, Mary Kennedy Thompson, pridružuje se ERA Grupi kao savjetnica upravnog odbora.

Uvidi

5 prioriteta nabavke za 2026. godinu: Od vidljivosti troškova do troškovne inteligencije

Uvidi

Škotski problem gostoprimstva: Kada više cijene učine preživljavanje pravim izazovom

Uvidi

Preispitivanje tehnologije: Napredak kada promjena nikad ne spava

Uvidi

Tenzije na Bliskom istoku i njihov utjecaj na poslovne troškove

Uvidi

Šok kod poslodavca u Sjevernoj Irski: Zašto zapošljavanje odugovlači - i kako to ublažiti

Uvidi

Strateška moć nabavke

Uvidi

Izgradnja jače budućnosti za industriju videoigara u Velikoj Britaniji

Uvidi

Sukob u Iranu utiče na fiksne tarife za električnu energiju i plin

Uvidi

Barometar upravljanja troškovima za 2026. godinu

Uvidi

Dan kada je i struja počela pokazivati ​​znak "rasprodato"

Uvidi

ERA Grupa identificira četiri ključna izazova koji prisiljavaju firme za profesionalne usluge da hitno djeluju

Uvidi

Aranžmani o vremenu plaćanja u vremenima oporezivanja

Uvidi

Tržišna inteligencija 2025.4

Uvidi

Gašenje PSTN-a: Obavezna promjena pred nama

Uvidi

Hoće li vaš brend opstati ili će uspjeti?

Uvidi

Oblikovanje budućnosti: Finansijski izazovi privatnog zdravstva i farmaceutske industrije za 2026. godinu

Uvidi

Šta kompanije sa 10+ zaposlenih moraju uraditi sada

Uvidi

Turbulentna vremena: Eskalacija na Bliskom istoku i o čemu britanska preduzeća trebaju razmišljati sada

Uvidi

Vilmers UAB bira ERA Group za optimizaciju troškova

Uvidi

Q'4-2025: Vijesti o proizvodnji potrošnog materijala i ambalaže

Uvidi

Potražnja za profesionalnim uslugama radi smanjenja troškova vrtoglavo raste

Uvidi

Šta sam ja…

Uvidi

Perspektiva tržišta ekspresnih i paketnih usluga za 2025. godinu

Uvidi

5 savjeta za optimizaciju troškova u turističkom sektoru i osiguranje lanca snabdijevanja

Uvidi

Agenda... Sara Monte e Freitas

Uvidi

Šta kraj Microsoft EA popusta znači za vaše poslovanje

Uvidi

Novi partner u ERA Grupi u Portugalu

Uvidi

Cilj 2030: Pokrenuti održivu transformaciju vaše kompanije

Uvidi

Tri je bio broj koji je pošao po zlu

Uvidi

Kibernetička sigurnost: strateški stub za održivost poslovanja

Uvidi

Na putu: Bilten za teretni promet za treći kvartal

Uvidi

Paket za nabavku ERA Grupe kombinuje ljudsku inteligenciju i vještačku inteligenciju kako bi redizajnirao proces zahtjeva za prijedloge (RFP)

Uvidi

ERA Grupa predstavlja četiri mjere za kompanije kako bi povećale efikasnost i otpornost kroz optimizaciju vode

Uvidi

Treći kvartal 2024.: Vijesti o proizvodnji; potrošni materijal i ambalaža

Uvidi

Četiri područja potrošnje koja bi ugostiteljska i rekreacijska preduzeća trebala odmah preispitati

Uvidi

Dobrodošli novi partner Johan de Bie

Uvidi

Finansijska otpornost: Kako se proizvođači hrane u Kaliforniji mogu pripremiti za 2026. godinu

Uvidi

Pripremate li se za ponovno otvaranje poslovnih prostorija? Preporuke za pravilnu dezinfekciju

Uvidi

ERA tim je ojačan dolaskom novog partnera

Uvidi

Održavanje humanosti u doba umjetne inteligencije

Uvidi

Da li „dovoljno dobro“ košta vašu kompaniju novca?

Uvidi

ERA Grupa ističe tri strategije za oporavak turizma

Uvidi

Treći kvartal 2025.: Vijesti o proizvodnji; potrošnom materijalu i pakovanju

Uvidi

Stavanger Steel potpisao sporazum sa ERA-om o optimizaciji troškova

Uvidi

Upravljanje promjenama; ključ za ispunjavanje očekivanja

Uvidi

Sponzorstvo 3. portugalskog kongresa menadžera

Uvidi

Snalaženje u carinskim turbulencijama: Ažuriranje za ANZ pošiljatelje

Uvidi

Neprobojne kompanije

Uvidi

Dobrodošli novi partner Wouter Blom

Uvidi

Nedostatak sirovina ubrzava transformaciju u transportu

Uvidi

Webinar: Vaše tajno oružje za uštedu novca u hotelskoj industriji

Uvidi

Griješiti je ljudski, ali ne samo

Uvidi

ERA sklapa partnerstvo sa Hapro Electronics AS

Uvidi

Kibernetička sigurnost u digitalnom okruženju

Uvidi

Da li je vaše srednje preduzeće spremno za ekonomski pad?

Uvidi

4 tehnike za redizajniranje strategije nabavke i osiguranje kontinuiteta poslovanja

Uvidi

ERA Grupa jača svoje nacionalno prisustvo dodavanjem tri nova partnera

Uvidi

Dobrodošli, novi partner John Smith

Uvidi

Šta vam vaš izvještaj o dobiti i gubitku ne govori: Otkrivanje ušteda putem informacija o troškovima

Uvidi

Prvi kvartal 2025.: Vijesti o proizvodnji potrošnog materijala i ambalaže

Uvidi

Nikada ne pitajte berberina da li vam je potrebno šišanje

Uvidi

Kako bi nas kriza s kontejnerima i brodarstvom mogla ostaviti bez Božića

Uvidi

Promjene u licenciranju Microsofta u 2025. godini: Zašto bi američke kompanije trebale djelovati odmah

Uvidi

SSG bira ERA Grupu kao pouzdanog partnera za optimizaciju troškova i poboljšanje procesa.

Uvidi

Mjere zaštite okoliša "Stavite u vreću"

Uvidi

ERA udružuje snage s kampanjom solidarnosti Mreže za hitne slučajeve hrane

Uvidi

Hofseth International AS bira ERA grupu

Uvidi

Kako se troškovi zdravstvene zaštite mogu optimizirati bez ugrožavanja zdravlja pacijenata?

Uvidi

Iskoristite svoje vrijeme maksimalno: vrijeme je važno

Uvidi

Drugi kvartal 2025: Vijesti o proizvodnji; potrošnom materijalu i pakovanju

Uvidi

Pet znakova upozorenja da vaša kompanija dostiže plato

Uvidi

ERA Grupa konsoliduje svoje aktivnosti u Kataloniji uz dodavanje tri nova partnera

Uvidi

Unutar posla: Ključne aktivnosti u mjesecu

Uvidi

Otkazivanje narudžbi je na vrhu liste poteškoća s kojima se suočavaju poduzetnici

Uvidi

Intervju s našim novim partnerom Ronaldom Batenburgom

Uvidi

ERA Grupa sponzorira nagradu Castilla y León Económica za najboljeg rukovodioca

Uvidi

5 koraka koji vam mogu pomoći da ubrzate oporavak vaše kompanije

Uvidi

Poljoprivredno-prehrambeni sektor: 3 područja u kojima umjetna inteligencija potiče održivost u sektoru

Uvidi

NORBIT ASA ulazi u saradnju sa ERA grupom.

Uvidi

Kompanija Expense Reduction Analysts mijenja ime u ERA Group i objavljuje novo rukovodstvo.

Uvidi

ERA Grupa na godišnjici AER-a (Španskog udruženja trgovaca na malo)

Dobijte uvide koji pokreću vaše poslovanje

Registrujte se
Hvala vam! Vaša prijava je primljena!
Ups! Došlo je do greške prilikom slanja obrasca.
value through insight
Prevoditelj teksta

E R Associates (Europe) Ltd
Registered in England and Wales, No. 08258451

Suite 24, 40 Churchill Square
Kings Hill
West Malling, Kent ME19 4YU
United Kingdom

Pronađite konsultanta
Optimizacija troškova
Stručnost u sektoru
Studije slučaja
Uvidi
O nama
Kako radimo
Karijere
Kontakt
Politika privatnosti
Uslovi i odredbe
Pravila o kolačićima
logo-vimeo
© ERA Grupa. Sva prava pridržana.