Italy
Der blev ikke fundet nogen resultater.
Der blev ikke fundet nogen resultater.
Cybersecurity
Alle indlæg

NIS2; risks and opportunities for businesses

forfattere

Fabio Borri
Der blev ikke fundet nogen resultater.

Indhold

Dette bliver den URL, der skal kopieres

Introduction and regulatory references


NIS is an acronym that stands for "Network and Information Security".

With this acronym; the European Community intended to denote the legislative effort to define a standardised approach to cyber security in all EU Member States.

In 2018; the first European regulation called NIS1 (EU Directive 2016/1148) was passed; transposed at national level by Legislative Decree 65 of 18/05/2018.

The NIS Decree also provided for the adoption of a 'national cyber security strategy' by establishing the Italian CSIRT (Computer Security Incident Response Team) with technical tasks related to the prevention; response and monitoring of cyber incidents; in collaboration with European CSIRTs.

NIS1 was subsequently superseded by NIS2 (EU Directive 2022/2555); transposed at national level by Legislative Decree 138 of 4 September 2024.

NIS 2 aims to overcome the limitations of NIS 1; which left too much discretion to Member States during transposition; resulting in a failure to achieve the objective of harmonisation; and also excluded certain categories of entities that should have been regulated because of their importance to the European market.

Furthermore; NIS2 was introduced to respond to the increase in the rate of digitisation that has taken place in all Member States and has been accelerated by the pandemic; which has expanded the surface area for cyber attacks without a corresponding increase in security systems.

Finally; another objective of NIS2 is to oblige operators of essential and important services and digital service providers to adopt adequate security measures and to report incidents promptly to the competent authorities and users of their services.

The new directive has been aligned with other specific European sectoral regulations; including:

- the Directive on Digital Operational Resilience for the Financial Sector (DORA). This is the Regulation approved on 10/11/2022 with the aim of increasing security measures in favour of the resilience and cybersecurity of the financial sector through the implementation of a series of mandatory security measures that guarantee the integrity of information and the cybersecurity of services;

- the Critical Entity Resilience Directive (CER); aimed at ensuring legal clarity and consistency between the various directives.

The companies concerned have been divided into:

  • Essential entities (energy; transport; health; water supply; public administration; finance; space; digital infrastructure)
  • Important entities (research; chemicals; food; industrial production; digital providers; postal services; waste)
  • Public bodies: Central government (constitutional and constitutionally relevant bodies; the Prime Minister's Office and ministries; tax agencies; independent administrative authorities) | Regional government (regions and autonomous provinces) | Local government (metropolitan cities; municipalities with > 100;000 inhabitants; regional capitals; local health authorities) | Other public entities (economic regulatory bodies; economic service providers; associations; welfare; recreational and cultural service providers; research bodies and institutions; experimental zooprophylactic institutes) | Other types of entities (entities providing local public transport services; educational institutions carrying out research activities; entities carrying out activities of cultural interest; in-house companies; investee companies and publicly controlled companies)
  • Suppliers: organizations that provide critical services to entities affected by NIS2 must strengthen their digital security; even if they are explicitly included in the mandatory sectors.

Content of NIS2


The general obligations inherent in the content of NIS2 can be summarised on the basis of four main pillars:

Governance: Management must approve the risk management measures adopted by the organization and assess their effectiveness over time: follow regular training on cybersecurity issues and offer similar training to employees.

Risk management: the organization must assess security and network risks and adopt appropriate and proportionate technical; operational and organisational measures to prevent or minimise the impact of incidents on the recipients of its services.

Business continuity: the organization must adopt solutions to ensure business continuity (e.g. backups; disaster recovery plan and crisis management procedure); aimed at minimising the impact of any interruptions to the services provided.

Supply chain: the company must assess the vulnerabilities of each direct supplier and the overall quality of its suppliers' products and cybersecurity practices. The assessment will cover ICT suppliers and other critical suppliers that could cause disruption to the service for which the organization has been included in the NIS2 perimeter.

Companies will therefore be required to be able to measure and report on:

  • Risk analysis and information system security policies
  • Incident management procedures
  • Business continuity solutions (backup and disaster recovery) and crisis management and communication procedures
  • Supply chain security policies (suppliers and service providers)
  • Security in the acquisition; development; maintenance and management of information system and network vulnerabilities

NIS2 Timeline


Companies and public administrations will have to carry out an assessment to understand whether or not they are subject to the obligations of the NIS2 Directive.

From 1 December 2024 to 28 February 2025; companies should have authenticated themselves on the ACN (National Cybersecurity Agency) Portal using their SPID credentials. During this period; users designated as contact points for each company should have completed a declaration via the NIS/Registration Service.

In particular; companies are required to:

  • Indicate whether the entity is part of a group of companies and provide the tax code of the parent company; if applicable.
  • List the related companies and provide their tax codes.
  • List the ATECO codes describing the entity's activity.
  • Indicate the relevant European Union sectoral regulations.
  • Provide turnover; balance sheet and number of employees figures to determine the category of the company.
  • List the types of entities to which the company belongs.


By 17 January 2025; operators of top-level domain name registries; providers of domain name system and domain name registration services; cloud computing; data centers; content delivery network providers; managed service providers; managed security service providers; as well as online marketplace providers; online search engine providers and social networking service platform providers should have registered on the platform.

By 31 March 2025; the ACN compiled a list of essential and important entities based on the registrations received through the platform.

Between 1 April 2025 and 15 April 2025; the ACN notified the entities concerned whether they had been included in the list of essential or important entities.

By 15 April 2025; the entities that received the notification were required to appoint; by means of a specific act; an entity responsible for fulfilling the obligations of the decree.

After that; the entities affected by the Directive will have to comply with further requirements:

  • by 1 January 2026; incident reporting obligation
  • by 1 October 2026; obligations regarding administrative bodies and security measures must be fulfilled


Each year; the ACN will update the list of entities involved. Companies and public administrations will have the opportunity to register each year; between January and February; if they consider themselves to be among the entities concerned.

Risks for companies but also opportunities


Following the entry into force of NIS2 and the identification of the operators involved; the competent authorities may carry out surveillance and spot checks to verify their compliance with the Directive. In the event of non-compliance; penalties will be applied to the companies involved.

The penalties are very severe: for large companies; up to €10 million or 2% of global turnover; for medium-sized enterprises; up to €7 million or 1.4% of global turnover.

Although compliance with the regulations requires a clear effort and investment on the part of companies; it must also be recognized that the regulations themselves seek to provide a substantial remedy to the problem of cyber attacks; to which Italian companies are still very susceptible and which they often tend to cover up for image reasons. In economic terms; the estimated average damage for each individual cyber attack is more than €2 million; regardless of the company's turnover.

How ERA can help with NIS2 compliance management


Despite all of the above; which might suggest that companies are extremely interested and involved in cyber security issues; it is not uncommon; especially among small SMEs; to find companies that have done little or nothing about these issues and are currently unable to define their position in terms of the risks to which they are exposed; both from a technical point of view and in terms of compliance with the various existing regulations.

Some companies address the issue of cybersecurity through insurance coverage. However; insurance companies are often reluctant to offer this type of protection to companies that have never taken concrete action in the cyber sphere. This is because there is no reliable method for accurately estimating the damage caused by a cyber attack. As a result; 'NIS2 packages' focus on cyber risk assessment services; but leave it up to companies to take the necessary measures to address any gaps. ERA can offer a more comprehensive service; relying on a network of highly qualified suppliers at very competitive commercial terms.

In detail; ERA's support consists of:

  • An assessment of the company's organisational and technical structure; with the aid of self-assessment questionnaires using predefined indicators;
  • Awareness-raising and training courses; with basic courses for all staff and advanced modules for top and middle management; in line with NIS2 guidelines;
  • Specific and highly qualified tests on vulnerability analysis; phishing treatment and ransomware risk assessment;
  • Support from dedicated consultants during the remediation phase following the assessment;
  • Specialised support from dedicated consultants to guide strategic decisions in the field of cybersecurity.


Our solution includes analysis of compliance with NIS2 regulations; which is certainly the most urgent concern; but can also accompany the customer in the project management of the remediation phase; i.e. the phase in which the customer must remedy the various 'flaws' identified in the diagnosis process; and is the phase in which the difficulties of some companies are most apparent; both in terms of internal skills and the availability of time and resources.

Relaterede artikler

Det her kunne også falde i din smag

Indblik

Barometer for omkostningsstyring 2025: Detail- og engrosudgave

Indblik

SORP 2026: Hvad velgørenhedsorganisationer bør vide, og hvordan de forbereder sig

Indblik

Overvågningskløften: Når omkostningsoptimering er »allerede taget højde for«

Indblik

De skjulte omkostninger ved fordelingen af serviceafgifter: Hvad økonomidirektører bør vide som lejer

Indblik

2025 i kort form: Omkostninger, kompleksitet og vejen frem mod 2026

Indblik

Markedsanalyse 2026.1

Indblik

ERA Group går i luften i Indien!

Indblik

Brændstofsøger: Et redskab til gennemsigtighed eller en gevinstforstærker?

Indblik

Sådan opbygges en robust digital kerne

Indblik

Kunstig intelligens i indkøb: Sådan omdannes økonomisk indsigt til en strukturel fordel

Indblik

ERA Group udnævner Marcel Lal til ny global udviklingsdirektør

Indblik

Omkostningsanalyse i praksis – Sundhedssektoren

Indblik

Indtjeningspresset efter toppen: Prioriteter i 1. kvartal for CEO’er og CFO’er i detailbranchen

Indblik

Mere end blot modstandsdygtighed: En strategi for vækst i forsyningskæden i 2026

Indblik

Produktionsomkostninger og transportomkostninger: Produktion i en verden præget af told og høje energipriser

Indblik

Den modstandsdygtige (men stadig usikre) verdensøkonomi

Indblik

Hvorfor ledere i nonprofitorganisationer skal præstere mere med færre ressourcer – og bevise det

Indblik

Fra kontrakt til konkurrencefordel: Sådan forvandler ledere leverandøraftaler til drivkræfter for resultater

Indblik

Mary Kennedy Thompson, administrerende direktør for BNI Global, tiltræder som bestyrelsesrådgiver i ERA Group

Indblik

5 indkøbsprioriteter for 2026: Fra omkostningsoversigt til omkostningsindsigt

Indblik

Skotlands krise i hotel- og restaurationsbranchen: Når højere priser gør overlevelse til den virkelige udfordring

Indblik

Et nyt syn på teknologi: Sådan trives man, når forandringerne aldrig står stille

Indblik

Spændingerne i Mellemøsten og deres indvirkning på virksomhedernes omkostninger

Indblik

Chokket over arbejdsgiverbidrag: Hvorfor rekrutteringen går i stå – og hvordan man kan afbøde det

Indblik

Indkøbets strategiske betydning

Indblik

At skabe en stærkere fremtid for den britiske videospilbranche

Indblik

Konflikten i Iran påvirker de faste el- og gaspriser

Indblik

Barometer for omkostningsstyring 2026

Indblik

Den dag, hvor der også begyndte at stå »udsolgt« på el-skiltet

Indblik

ERA Group peger på fire centrale udfordringer, der tvinger virksomheder inden for professionelle tjenesteydelser til at handle hurtigt

Indblik

Betalingsudsættelsesordninger i svære tider

Indblik

Markedsanalyse 2025.4

Indblik

Nedlukning af PSTN: En uundgåelig forandring venter forude

Indblik

Vil dit brand overleve, eller vil det få succes?

Indblik

Fremtidens udformning: De økonomiske udfordringer for den private sundhedssektor og medicinalindustrien i 2026

Indblik

Hvad virksomheder med mere end 10 ansatte skal gøre nu

Indblik

Urolige tider: Eskalering i Mellemøsten og hvad britiske virksomheder bør overveje nu

Indblik

Vilmers UAB vælger ERA Group til omkostningsoptimering

Indblik

4. kvartal 2025: Nyheder om forbrugsvarer og emballage til fremstillingsindustrien

Indblik

Efterspørgslen efter professionelle tjenester til at reducere omkostningerne skyder i vejret

Indblik

Hvad jeg er…

Indblik

Udsigterne for ekspres- og pakkemarkedet i 2025

Indblik

5 tips til at optimere omkostningerne i turistbranchen og sikre forsyningskæden

Indblik

Dagsordenen for... Sara Monte e Freitas

Indblik

Hvad ophøret af Microsofts EA-rabatter betyder for din virksomhed

Indblik

Ny partner hos ERA Group i Portugal

Indblik

Mål 2030: Fremme en bæredygtig omstilling af din virksomhed

Indblik

Det var tallet tre, der gik galt

Indblik

Cybersikkerhed: den strategiske søjle for bæredygtig forretning

Indblik

På farten: Q3-nyhedsbrev om godstransport

Indblik

ERA Groups indkøbsløsning kombinerer menneskelig intelligens og kunstig intelligens for at modernisere udbudsprocessen

Indblik

ERA Group skitserer fire tiltag, som virksomheder kan iværksætte for at øge effektiviteten og modstandsdygtigheden gennem vandoptimering

Indblik

3. kvartal 2024: Nyheder om fremstillingsindustrien, forbrugsvarer og emballage

Indblik

Fire udgiftsområder, som virksomheder inden for hotel- og fritidsbranchen bør gennemgå lige nu

Indblik

Velkommen til vores nye partner, Johan de Bie

Indblik

Finansiel modstandsdygtighed: Sådan kan fødevareproducenter i Californien forberede sig på 2026

Indblik

Er du ved at gøre klar til at genåbne din forretning? Anbefalinger til korrekt desinfektion

Indblik

ERA-teamet er blevet styrket med tilkomsten af en ny partner

Indblik

At bevare det menneskelige i AI-alderen

Indblik

Koster det din virksomhed penge, at det „er godt nok“?

Indblik

ERA Group peger på tre strategier for genopretning af turismen

Indblik

3. kvartal 2025: Nyheder om fremstilling, forbrugsvarer og emballage

Indblik

Stavanger Steel indgår aftale med ERA om omkostningsoptimering

Indblik

Forandringsledelse; nøglen til at indfri forventningerne

Indblik

Sponsorering af den 3. portugisiske lederkongres

Indblik

Sådan håndteres udsving i fragtrater: En opdatering til ANZ-afsendere

Indblik

Bulletproof-virksomheder

Indblik

Velkommen til vores nye partner, Wouter Blom

Indblik

Mangel på råvarer fremskynder omstillingen inden for transportsektoren

Indblik

Webinar: Dit hemmelige våben til at spare penge i hotelbranchen

Indblik

At begå fejl er menneskeligt, men ikke kun det

Indblik

ERA indgår partnerskab med Hapro Electronics AS

Indblik

Cybersikkerhed i et digitalt miljø

Indblik

Er din mellemstore virksomhed forberedt på en økonomisk nedgang?

Indblik

4 metoder til at omlægge en indkøbsstrategi og sikre forretningskontinuitet

Indblik

ERA Group styrker sin nationale tilstedeværelse med tilkomsten af tre nye partnere

Indblik

Velkommen til vores nye partner, John Smith

Indblik

Hvad dit resultatopgørelse ikke afslører: Find besparelsesmuligheder gennem omkostningsanalyse

Indblik

1. kvartal 2025: Nyheder om forbrugsvarer og emballage til fremstillingsindustrien

Indblik

Spørg aldrig en frisør, om du trænger til at blive klippet

Indblik

Hvordan container- og skibsfartskrisen kan betyde, at vi må undvære julen

Indblik

Ændringer i Microsofts licensvilkår i 2025: Hvorfor amerikanske virksomheder bør handle nu

Indblik

SSG vælger ERA Group som en pålidelig partner inden for omkostningsoptimering og procesforbedring.

Indblik

Miljøtiltag »i hus«

Indblik

ERA slutter sig til solidaritetskampagnen »Food Emergency Network«

Indblik

Hofseth International AS vælger ERA Group

Indblik

Hvordan kan sundhedsudgifterne optimeres uden at gå på kompromis med patienternes sundhed?

Indblik

Få mest muligt ud af din tid: tiden er kostbar

Indblik

2. kvartal 2025: Nyheder om produktion, forbrugsvarer og emballage

Indblik

Fem tegn på, at din virksomhed er ved at stagnere

Indblik

ERA Group styrker sin tilstedeværelse i Catalonien med tilkomsten af tre nye partnere

Indblik

Et kig bag kulisserne: Månedens vigtigste aktiviteter

Indblik

Annullering af ordrer topper listen over de udfordringer, som iværksættere står over for

Indblik

Interview med vores nye partner Ronald Batenburg

Indblik

ERA Group er sponsor for Castilla y León Económica-prisen for bedste leder

Indblik

De 5 trin, der kan hjælpe dig med at fremskynde din virksomheds genopretning

Indblik

Landbrugsfødevarer: 3 områder, hvor kunstig intelligens fremmer bæredygtighed i sektoren

Indblik

NORBIT ASA indgår et samarbejde med ERA Group.

Indblik

Expense Reduction Analysts skifter navn til ERA Group og præsenterer en ny ledelse

Indblik

ERA Group ved AER’s (den spanske detailhandelsforening) jubilæum

Få indsigt, der fremmer din virksomhed

Tilmeld dig
Tak! Din indsendelse er modtaget!
Ups! Der opstod en fejl under afsendelsen af formularen.
value through insight
TM

E R Associates (Europe) Ltd
Registered in England and Wales, No. 08258451

Suite 24, 40 Churchill Square
Kings Hill
West Malling, Kent ME19 4YU
United Kingdom

Find en konsulent
Omkostningsoptimering
Brancheekspertise
Casestudier
Indblik
Om os
Sådan arbejder vi
Karriere
Kontakt
Fortrolighedspolitik
Vilkår og betingelser
Politik om cookies
logo-vimeo
© ERA Group. Alle rettigheder forbeholdes.