The Network Information Systems Directive (NIS2) and its predecessor NIS focus on risk management for organizations. The EU states that the NIS is the first piece of EU-wide legislation on cybersecurity with the goal of achieving a high common level of cybersecurity across the member states. The NIS2 will be quite impactful, especially as it expands on the NIS and includes more industries, new reporting requirements, and greater penalties.
NIS2 will especially shift how organizations approach and manage supply chain security, as part of a holistic approach to cybersecurity across EU member states (and beyond). By securing every part of the supply chain, the directive will foster a robust, unified cybersecurity front across the EU.
Current State of Supply Chain Security
Ransomware will cost victims about $42 billion USD in 2024, more than double the $20 billion USD it cost in 2021, with threat actors conducting an attack every two seconds (according to Cybersecurity Ventures).
Specifically, data extortion ransomware attacks increased at an annualized rate of more than 112% in 2023. In our research, we observed that threat actors attacked the manufacturing, information…