Kromann Reumert Annual review/ESG 2022 | Page 29

with the introduction of the cross-sectoral NIS2 Directive and the DORA Regulation for the financial sector. Companies and organisations will have to give a high priority to cybersecurity in the coming years. Christel elaborates:
"The new rules call for Danish companies and authorities to significantly strengthen their cyber resilience. The rules include tightened governance requirements, minimum requirements for risk management, tests and measures, handling of supply chain and supply contract risks, reporting and auditing requirements, and penalties for non-compliance. The rules should not be reduced to a compliance exercise but may be used by companies as a lever for their digital transformation and green objectives while protecting their 'licence to operate'."
How to start working with NIS2 and DORA
No matter how your business is addressing cybersecurity threats today, Christel and Søren recommend the preparation of an initial maturity and gap analysis with specific and operational recommendations stating how you, based on a prioritised action plan, can meet the NIS2/DORA requirements and achieve an adequate level of protection, both technically, operationally, organisationally, and contractually.
In December 2022, a new cybersecurity guide for directors and executives was published. The guide provides specific and operational recommendations and proposals and takes into account – to the extent possible – the upcoming NIS2 requirements. We have prepared the guide in collaboration with i.a. the Danish Industry Foundation, the Cyber Competence Centre of the Board Leadership Society, Dubex, the Centre for Cybersecurity, Copenhagen Business School, and the Cyber Security Group of Aalborg University. Read the guide in Danish by clicking the button below.
NIS2:
A new EU Network and Information Security Directive, which replaces the first NIS Directive that entered into force in 2018. The new directive must be implemented in Danish law by 17 October 2024 and will directly affect a large number of businesses in around 18 sectors, including (directly and indirectly) their supply and value chains.
DORA:
The Digital Operational Resilience Act (DORA) is a new EU regulation on digital resilience in the financial sector. DORA must be implemented in Danish law by 17 January 2025. DORA will become lex specialis in relation to NIS2 in the financial sector and includes i.a. stricter requirements for testing and supply contracts.
However, we not only advise on cybersecurity. On page 56, our Head of IT, Jacob Brønnum Schou, describes how we work with IT security in practice and which measures we take as a knowledge-based firm, storing and processing vast amounts of documents on behalf of our clients; and how we have been certified for our efforts.
Christel Teglers, Mob. +45 61 61 30 34, cht@kromannreumert.com
Søren Skibsted, Mob. +45 24 86 00 19, ssk@kromannreumert.com