• Blog
  • Prepare for NIS2: The new European cybersecurity directive

Prepare for NIS2: The new European cybersecurity directive

Nick Nieuwenhuis
22 Oct, 2023

A growing societal dependence on IT has led to an increase in cyber threats. This calls for stricter regulations, including the establishment of more stringent requirements in the EU. The revamped NIS2 directive forces businesses to improve their cybersecurity. This includes securing the entire supply chain, with small and large components, on-site and remotely.

On 17 October 2024, the new NIS2 directive officially goes into effect. NIS stands for Network and Information Security, and is aimed at increasing cybersecurity within organizations as well as throughout the supply chain. There’s a good chance that you soon will fall, directly or indirectly, under the new directive. It’s expected that NIS2 will have a direct impact on 16,000 companies and organizations in the Netherlands. 

To whom does NIS2 apply?

The NIS2 classifies organizations into two categories: essential or important. The table below shows which sectors fall under each category, including the criteria that classify them as such. Digital service providers are subject to the directive regardless of their turnover or number of employees.

Essential sectors

  • Energy
  • Transport
  • Banking
  • Financial market infrastructure
  • Healthcare
  • Potable water
  • Digital infrastructure
  • ICT service providers
  • Wastewater
  • Government Services
  • Space Exploration


  • Minimum 250 employees, or;
  • Annual turnover exceeding € 50 million AND a total balance sheet exceeding € 43 million.

Important sectors

  • Digital providers
  • Postal and courier services
  • Waste management
  • Food Chemicals
  • Research Manufacturing


  • Minimum 50 employees, or;
  • Annual turnover and balance sheet exceeding € 10 million.

What can I do to prepare?

Because the measures have not yet been translated into (Dutch) law, it is not clear how organizations will be audited for (non)compliance. However, there are a number of actions your organization can take to improve cybersecurity and prepare itself for the arrival of NIS2. We have summarized the key actions for you below:
  • 1

    Conduct a Security Assessment

    By having a third-party conduct a Security Assessment, you get insights into your weaknesses and recommendations to improve your cyber security. HSO can assist you by scanning both your on-site and cloud systems. 

  • 2

    Implement MFA

    Leverage multi-factor authentication (MFA) on all accounts and monitor for coverage gaps: holes that allow some accounts to bypass your MFA policy. MFA protects against 98% of cyber-attacks, but nearly every organization has MFA policy gaps, which make your digital infrastructure more vulnerable than you think. 

  • 3

    nsure you have a robust risk management approach

    Ensure that you identify and analyze your (digital) risks, and that you can address them based on standard risk levels. Do this for all cyber risks in the chain, and assess the level of (digital) security of your partners. Don’t allow them to become a springboard that compromises your own organization.

  • 4

    Establish security monitoring and incident response

    Ensure that cyber risks are monitored and addressed 24/7. You can take care of this yourself or outsource it to a security partner like HSO. Adequate incident response is critical to intercept cyber threats in an early stage, in case preventative measures have not been effective enough. Consider coverage during overnight hours, weekends, and holidays, when you might not have your own capacity.

  • 5

    Ensure you have a good Security Awareness program

    Your employees are your biggest asset when (technical) security measures fail. Ensure that employees know how to handle security attacks such as phishing or ransomware. Don’t focus only on phishing simulations. These have very limited effectiveness and can be extremely expensive. Consider instead adequate technical measures and educate your employees continuously by leveraging training and gamification.

Contact us

In short, there is plenty that you can do before the NIS2 measures go into effect. It may seem daunting, but 17 October 2024 will be here before you know it. So don’t hesitate to ask for help. At HSO we are ready to help you improve your cybersecurity.

By using this form you agree to the storage and processing of the data you provide, as indicated in our privacy policy. You can unsubscribe from sent messages at any time. Please review our privacy policy for more information on how to unsubscribe, our privacy practices and how we are committed to protecting and respecting your privacy.


Meer over Security