Whether you are aware or not of the NIS Directive, it is something that governments are taking seriously.  Like GDPR, it comes into effect in May 2018 and won't be impacted by Brexit.

Although no one is certain what shape or size the implementation will take, it is certain that there will be big fines and regualtory action taken for those who are deemed not to have adequate security measures in place.

Given the rise in frequency and effect of cyber attacks, it is essential that organisations continue to enhance their awareness and readiness.  This does not mean focusing on technology alone.  As this article points out, most breaches relate to phishing, viruses, spyware or malware, therefore staff awareness and training are paramount to a successful cyber-defense.

It is also important not to become complacent and therefore an independent vulnerability assessment can provide useful insights on where and how to improve your cyber-posture.  Although the NIS Directive will not impact all industries, it will become a yardstick to be measured by, therefore it is something everyone needs to be aware of.