CEOs still not involved enough in NIS2

CEOs still not involved enough in NIS2

An investigation of the Samen Digitaal Veilig platform shows that company CEOs are still insufficiently involved in the NIS2 implementation. IT teams struggle to convey the importance of legislation to their organization's board.

The new regulations are therefore not yet a priority at board level.

The new regulations are not yet experienced as a priority at board level, while NIS2 (in the Netherlands: Cyberbeveiligingswet) defines a number of clear responsibilities and liability for directors. The most important of these are:

• The governing body (the board) is responsible and liable. This applies to the entire board, and not just the person with IT in their portfolio;
• The board approves the measures to be taken to manage cyber risks and supervises their implementation;
• Members of the governing body undergo training so that they have sufficient knowledge and skills in the field of cyber risks, the associated control measures and their consequences on services. This rule applies to all members of the board or management team, not just the board member with IT in his or her portfolio;
• Organizations are encouraged to provide similar training to their employees on a regular basis.

It is therefore important that directors acquire the right knowledge and skills as quickly as possible to take on their role under NIS2. Digital Security Institute provides NIS2 boardroom training courses, which brings the required skills and awareness on par.