NIS2: Leaders are personally responsible
This is THE NIS2 revolution: it requires management bodies to be involved, trained and accountable when it comes to cybersecurity.
The European directive NIS2 is changing the situation: cybersecurity is no longer just a technical matter, it is becoming a direct responsibility of managers. In the event of a breach, management may be held personally liable.
The role of leaders
NIS2 requires active governance:
- Name a cybersecurity point of contact
- Learning about the challenges
- Organize regular reviews
- Documenting safety decisions
- Develop an incident response plan
Concrete examples
- Walloon clinic victim of a ransomware: without PRA or backup, the CEO is blamed for insufficient governance.
- Brussels SMEs subcontractor of a critical service: hacked, it exposes a customer. Its management is punishable for lack of risk mapping.
- Walloon company having chosen an IT supplier without an audit: data leak, management remains responsible for third parties according to NIS2.
More than a technical question
It's no longer just about protecting servers, but about maintaining the reputation, compliance, and personal responsibility of managers.
NIS2 requires leaders to anticipate and be actively involved.
No items found.
No items found.
05
Do you want to contact us?
Let's discuss the best solution for your organization together.
