In 2017, Cybersecurity Ventures predicted that the global cost of damage from ransomware would reach $20 billion by 2021, which is also the current estimate for 2022, and 57 times the financial damage of 2015.
The global security market is currently worth around 150 billion US dollars, which according to current forecasts will increase to 208 billion by the end of the year and 400 billion US dollars in 2026. Data also shows that EU companies spend, on average, 41 percent less on cybersecurity than US companies.
State of things
A crucial cornerstone for cybersecurity investment decisions is now NIS2. Andreas Riepen, Head Central & Eastern Europe at Vectra AI, explains the current state of affairs and how the NIS2 requirements can also be met with the help of AI-based security technology:
The original NIS Directive (Network and Information Security) was the first EU-wide cybersecurity law that came into force in 2016. The aim was to achieve a higher and more uniform level of security for network and information systems throughout the European Union. In view of the rapid increase in digitization since then, a revision was necessary. This is where NIS2 came from.
Better cybersecurity with NIS2
NIS2 marks another milestone in setting requirements for EU-based companies to ensure more cybersecurity and a consistent level of security in the years to come. It also clearly sets out the reporting requirements and the consequences of improper implementation. Like the cybersecurity industry ecosystem, NIS2 strives to improve cooperation in the EU. The establishment of the European Cyber Crises Liaison Network (EU-CyCLONe) to support the coordinated response to large-scale cybersecurity incidents at EU level is also to be welcomed.
NIS2 provides increased security requirements and targeted measures, including incident response and crisis management, as well as vulnerability management and disclosure. NIS2 also calls for policies and procedures for evaluating the effectiveness of cybersecurity risk management measures, as well as basic computer hygiene practices and cybersecurity training. Other requirements include the effective use of cryptography, security of human resources, and access control and asset management.
Which companies NIS2 applies to
The number of sectors covered has been expanded by eight more sectors in NIS2, for a total of 15 sectors. NIS2 now includes the following "essential" sectors: energy (electricity, oil, gas, heat, hydrogen), health (utilities, laboratories, research and development, pharmaceuticals), transport (air, rail, water, road), banks and financial markets, water and wastewater, digital (Internet exchange point providers, DNS service providers, TLD name registrations, data center service providers, cloud computing service providers, content delivery network providers, trust service providers) and ICT service management, space and public administration. "Important" sectors are postal and courier services, waste management, chemicals, food, industry (technical and engineering), digital services (online marketplaces, online search engines, social networks) and research.
Start implementation
Member States have until the end of 2025 to transpose the NIS2 requirements into national law. Compliance with the NIS2 directive is important in Europe as it helps ensure the security and resilience of critical information infrastructure such as energy, transport and healthcare systems. By implementing the NIS2 directive, companies can better protect themselves against cyber attacks and contribute to the overall security of the digital landscape in the EU. On the other hand, non-compliance with the NIS2 directive can result in financial penalties and damage to reputation.
Achieve NIS2 compliance
Three aspects are crucial for companies to be able to quickly and efficiently identify and respond to cyber threats, as required by NIS2: A security platform with Attack Signal Intelligence, based on artificial intelligence and special algorithms, makes it possible to detect unknown cyber threats. The security platform should be easy to use, highly automated and allow integration with partner solutions from the cybersecurity ecosystem. Last but not least, it is about the transformation of security operations, i.e. the necessary support from the security provider to meet the challenges of today and tomorrow.
More at Vectra-AI.com
About Vectra
Vectra is the leading provider of AI-driven threat detection and response for the hybrid cloud. Only Vectra optimizes AI to specifically detect attack methods, the TTPs (Tactics, Techniques, and Procedures) that underlie all attacks, rather than just issuing imprecise warnings. The resulting reliable threat signal and clear context enable cybersecurity teams to quickly respond to threats and prevent successful attacks that escalate into security breaches.