Whether or not you are aware of the NIS Directive, it is something that governments are taking seriously. Like GDPR, it comes into effect in May 2018 and won't be impacted by Brexit.
Although no one is certain what shape or size the implementation will take, it is certain that there will be big fines and regulatory action taken against those who are deemed not to have adequate security measures in place.
Given the rise in the frequency and effect of cyber attacks, it is essential that organisations continue to enhance their awareness and readiness. This does not mean focusing on technology alone. As this article points out, most breaches relate to phishing, viruses, spyware or malware, so staff awareness and training are paramount to a successful cyber-defense.
It is also important not to become complacent; an independent vulnerability assessment can provide useful insights on where and how to improve your cyber-posture. Although the NIS Directive will not impact all industries, it will become a yardstick to be measured by, so it is something everyone needs to be aware of.
Firms could face fines of up to £17m or 4% of global turnover if they fail to protect themselves from cyber-attacks, the government has warned. The crackdown is aimed at making sure essential services such as water, energy, transport and health firms are safeguarded against hacking attempts. Digital Minister Matt Hancock...said: "We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack." ...And the threat to firms from cyber-attacks appears to have grown. Nearly half (46%) of British businesses discovered at least one cyber-security breach or attack in the past year, a government survey earlier this year found.