Today, everyone is convinced of the importance of cyber security. This is precisely why Inetum wants to encourage organizations to work on a cybersecurity maturity analysis and roadmap in the run-up to NIS2. That should allow sufficient time to take the necessary measures to (continue to) operate safely, in compliance with the new NIS2 Directive.
Starting the analysis now is imperative
The new NIS2 Directive will apply to "essential" and "significant" companies of certain sizes within certain industries. Eleven (11) sectors have been added since NIS1. Within the category of essential enterprises, there is another subcategory of "critical" enterprises. Each Member State shall decide which companies are included and which are not. The CCB estimates that some 2400 organizations in Belgium will be affected by this new directive.
Clarity will not come in any case until the end of this year or in early 2024, when the CCB expects to have finished its preparatory work. But the directive must already be implemented by the relevant organizations by Oct. 17, 2024. If the directive is to be implemented next year, the necessary security specialists, budgets and resources will have to be provided for it. Inetum has 92 security specialists available in Belgium, but also works with its nearshore specialists in Spain. Thus, it is imperative to start the analysis now so that the roadmap and the budgets can be in place. Ideally, things can also be implemented this year, so that the costs are spread out, says Jo Leemans, Director of Infrastructure, Outsourcing and Resell at Inetum in Belgium.
Cybersecurity maturity analysis to gain insight
The Belgian government has yet to convert the directive into law, so the final legislation is not yet entirely clear. However, all Member States of the European Union must ensure that the relevant organizations apply the necessary measures and be held liable for failing to do so.
The minimal measures are already known, including a mandatory risk analysis, an incident response plan, cybersecurity training for management, a business continuity plan and a written policy and procedures for evaluating the effectiveness of the adopted security measures.
Finally, appropriate technical, operational and organizational measures will have to be taken to manage security risks, prevent incidents or mitigate their effects.
To avoid becoming a victim of cybercrime or at least minimize that chance, we actually recommend that every organization upgrade its cybersecurity to the level required by NIS2. Organizations that do not fall within the stated sectors of NIS2 will also benefit from a maturity analysis so that they know where they stand and the extent to which they are protected against possible attacks. NIS2 is betting hard on the relationship between a company and its suppliers. Companies that fall under NIS2 will have to assess the security level of their suppliers, meaning that, as a supplier, you will soon fall under NIS2 indirectly as well, concludes Koen Tamsyn, Solution Manager of Cybersecurity at Inetum in Belgium.
About Inetum, focusing on a Positive Digital Flow
Inetum is an agile IT services company providing digital services and solutions, and a global group helping companies and institutions get the most out of the digital flow. In a context of continuous movement, where needs and uses are constantly reinvented, the Inetum Group helps all these players to innovate, adapt and stay ahead. With its multi-expert profile, Inetum offers its customers a unique combination of proximity, sector-based organisation and industrial-quality solutions. The group operates in more than 27 countries, employs nearly 27,000 people and generated a turnover of EUR 2.2 billion in 2021.
For more information, please contact:
Contact person at communication partner for Inetum in Belgium
Aurélie Decoster at Luna
+32 495 59 38 00
Inetum in Belgium Press Relations
Katrien de Raijmaeker
External Communications Manager