cyber-services-banner-desktop

NIS2 Compliance Assessment

Are you ready for NIS2 compliance? Understand your gaps and build long-term digital and operational resilience

NIS2 replaces the original NIS Directive from 2016, which sought to set a high level of cybersecurity across critical infrastructure across the EU. NIS2 is an important update, with the original NIS directive considered to have limited scope and lack of consistency in its application by member states. NIS2 therefore includes an expanded scope of EU impacted entities and a wider supervisory and coordinated regime from member states which entities will need to register with.

How has NIS2 changed from NIS Directive ?

Requirements

NIS Directive

NIS2 Directive

Risk Management Requirements

Required entities to implement "appropriate and proportionate" security measures

Imposes stricter requirements, focusing on:

  • Supply chain security and third-party risks
  • Incident response planning
  • Encryption
  • Business continuity
Sectors in Scope
  • Banking
  • Healthcare
  • Energy
  • Transport
  • Digital Service Providers
  • Water Supply
  • Digital Infrastructure

Expanded scope adding the following new sectors:

  • Space
  • Public Administration
  • Waste and Wastewater Management
  • ICT Service Management
  • Providers of Public Electronic Communications Networks or Services
  • Chemicals
  • Food
  • Research
  • Postal and Courier Services
Reporting Requirements

Reports cyber incidents to national authorities within a reasonable timeframe

  • Incidents reported within 24 hours
  • Follow-up reports required after 72 hours
  • Final detailed report within a month

Penalties

Allowed member states to set penalties for noncompliance

  • Essential Entities - up to €10 million euros or 2% of global annual turnover
  • Important Entities - up to €7 million or 1.4% of their global annual turnover

How Kroll Can Help You Achieve NIS2 Compliance

Kroll has a long track record of working with organizations across critical infrastructure sectors, enabling them to achieve their security and regulatory goals across multiple jurisdictions. We leverage agile methodologies and accelerators and frontline intelligence from thousands of incident response cases a year, to provide support and prepare your organization to meet NIS2 requirements.

Understand Your Maturity in Relation to NIS2 Requirements

Gap assessment of your NIS2 compliance maturity against specific provisions highlighting key weaknesses and key recommendations.

Have a Clear Roadmap to NIS2 Compliance While Reducing Longer Term Risk

Clear roadmap toward NIS2 compliance with priority tasks and key milestones. An action tracker is also provided with recommended owners to help stakeholders in effective project management.

Implement Remedial Measures to Maintain Cyber Resiliency

With our portfolio of advisory, transformation and managed services, we can assist you with the implementation of NIS2-aligned policies and procedures, controls and services such as incident management, business continuity, third-party risk management.

How It Works

Our three-phased approach helps organizations of all sizes address any stage of NIS2 compliance:

Gap Assessment

As part of our gap assessment, we provide a clear risk rating against NIS2 requirements, whilst giving a quantitative measure of compliance status covering:

Governance

  • Allocation of responsibilities (board, committees and individuals)
  • Training of management and all employees

Cyber Risk Management

  • Designing, developing, availability and consideration of risk in systems
  • Supply chain security
  • Basic cyber hygiene, encryption, access and HR security
  • Existence of comprehensive policies and procedures for risk management

Reporting and Registering Articles

  • Reporting incidents
  • Reporting vulnerabilities
  • Collaboration
  • Registration
  • Breach notification

Roadmap

Off the back of the assessment, we provide you with a roadmap report along with an action tracker for effective project management including:

  • Target levels of compliance and maturity in each assessment area
  • Actionable tasks with effort ratings
  • Reasonable timeframes for completion of individual tasks
  • Recommend task owners

Implementation and Remediation 

Having identified NIS2 compliance key gaps, Kroll can assist with senior advisory support with regards to compliance adherence of remediation initiatives such as:

Kroll can also support with the review and development of policies, procedures, reports, mappings and risk assessments, leveraging specially-tailored templates.

NIS2 Compliance Assessment in Your Cyber Risk Retainer

Our NIS2 Compliance Assessment, along with many other cybersecurity and compliance services, can be delivered as part of Kroll’s ultra-flexible Cyber Risk Retainer. In addition to prioritized access to Kroll’s elite digital forensics and incident response team ahead of and in the event of an incident, the Retainer can also be used for services like penetration testing, risk assessments and tabletop exercises, to name just a few.

 

Why Kroll?

  • Experience in Building Multi-jurisdictional Governance Programs

Our team consists of experts  who have designed and led numerous compliance audits at large multi-jurisdictional organizations, assessing and evaluating domains across cyber strategy, governance and procedural controls in the context of regulatory requirements and industry standards including ISO27001, COBIT and NIST, DORA, NIS2, SAMA CSF and more.

  • Experienced, Accredited Cybersecurity Professionals

700+ skilled and certified cybersecurity experts across the globe, experienced in not only helping clients comply with multiple regulations but staying resilient ahead of the changing landscape.

  • Solutions across the NIS2 Maturity Lifecycle

Our solutions can address all aspects of NIS2 compliance and maturity; from assessing all possible gaps/weaknesses and advising on remediation with our consultancy expertise to implementing the right controls and services.

  • Unrivalled Frontline Intelligence

With unrivalled exposure to thousands of incident response cases each year, we know what’s needed to stay resilient to cyber threats.

  • Fast Implementation, Built on Previous Engagements

We leverage our NIS2-tailored policies and procedures templates to provide immediate value as we roll out your tailored program.

Stay Ahead with Kroll

Cyber and Data Resilience

Kroll merges elite security and data risk expertise with frontline intelligence from thousands of incident responses and regulatory compliance, financial crime and due diligence engagements to make our clients more cyber- resilient.

Learn More

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Learn More

Financial Services Compliance and Regulation

In the ever-evolving financial services landscape, Kroll's award-winning team offers comprehensive regulatory and compliance services, guiding clients through registration, licensing, and compliance support to minimize risks and enhance efficiency globally.

Learn More

Threat Exposure Management

Kroll’s field-proven cyber security assessment and testing solutions help identify, evaluate and prioritize risks to people, data, operations and technologies worldwide.

Learn More

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Learn More

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Learn More

Explore Insights

News

img

Let's solve for the future

We will use this information to respond to your inquiry and process your data in accordance with our privacy policy.