The EU has introduced NIS2, an updated Network and Information Security Directive, with enhanced security rules and reporting requirements for a broader range of organisations. The directive addresses increasing global ransomware attacks and the complex cybersecurity landscape. EU member states must implement the law by 17th October 2024, including establishing computer security incident response teams. Organisations must also institute policies for risk analysis, information system security and cybersecurity risk management. Penalties for non-compliance could reach €10 million or 2% of global annual revenue for essential entities.
Report: CISO responsibility is expanding beyond cybersecurity
CISOs are facing expanding responsibilities, yet only 3% have received a pay raise to reflect this.
