How NIS 2 Redefines Cybersecurity Standards For Companies Worldwide
In December 2022, the NIS 2 Directive was adopted in the European Union. Countless EU member states have already transposed it into national law, with most other European member states set to follow. This means the new cybersecurity directive applies to all companies doing business in the EU—and, therefore, to companies worldwide.
It is well worth looking at the largest European legal act on cybersecurity to date, both to avoid fines and to strengthen your own corporate cybersecurity best practices.
The NIS 2 Directive affects not only companies that are critical infrastructures but also all central economic enterprises, their suppliers and their digital supply chains. In this way, cybersecurity is becoming a task of general economic protection—a trend that characterizes the EU and that more countries worldwide are taking up.
As many companies covered by NIS 2 pass on the increased cybersecurity requirements in their contracts, particular caution will be required in the future when providing evidence and documentation of their own cybersecurity standards.
The directive affects companies from the following sectors:
• Energy
• Transport
• Banking
• Financial market infrastructure
• Healthcare
• Drinking water
• Wastewater
• Digital infrastructure operators
• IT service management
• Public administration and government institutions
• Space
• Postal and courier services
• Waste disposal
Additionally, it affects countless manufacturing companies, including chemical companies, mechanical and vehicle engineering, food production and providers of digital services such as cloud computing, online marketplaces and online search engines. The new cybersecurity obligations also cover private research institutions.
However, sectoral affiliation is not the only decisive factor in whether NIS 2 affects a company; organizations must also achieve minimum values for turnover and number of employees. Companies that employ at least 50 people or have annual turnover and balance sheets that each exceed €10 million are obliged to implement a cybersecurity management system in the EU.
In particular, many medium-sized companies—as well as companies from other countries around the world that do business in the EU—are facing increasingly strict cybersecurity compliance obligations. Regarding best practices, however, the new standards don't require an absolute level of digital security but, rather, a level that is appropriate to the given risks.
For example, companies that are newly covered by NIS 2 must first and foremost implement cybersecurity risk management that is based on state-of-the-art technology. Measures to be taken could include the following:
• Systems for attack detection
• Use of AI tools for automated prevention and response to cyber incidents in the company
• Network segmentation
• Access control (in particular, zero-trust policies)
• Awareness for management and employees
• Network mapping and network segmentation
• Vulnerability management and update policies
Cybersecurity is also increasingly becoming a task of holistic digital resilience. With the recent revelation that IT workers from North Korea have even successfully infiltrated large Fortune 500 companies in the United States, every company's cybersecurity policy must increasingly and actively incorporate the factors of industrial espionage and trade secret protection. This is the Achilles' heel of countless companies, as IT management and employee management must increasingly be considered holistically.
In an age of global threats, however, the risk analysis for cybersecurity doesn't end here, as non-technical risk factors and the protection of the (digital) supply chain must increasingly be included. This means that in the age of cloud computing, companies themselves are responsible for ensuring their contractors also demonstrably verify the cybersecurity, availability and data confidentiality of their IT systems.
On the other hand, bottlenecks in the supply of hardware, for example—which still largely originates in Asia, particularly Taiwan and the People's Republic of China—must also be taken into account.
According to the NIS 2 Directive, it's also essential for companies to document every cybersecurity measure they take. Such technical and organizational documentation is not only in the company's own interest to continuously develop an information security management system, but it can also be helpful when it comes to preparing for cybersecurity audits and certifications or when official inspections are pending—which is also possible under European law. As the individual EU member states are responsible for implementing the NIS 2 Directive, the national cybersecurity authorities carry out such reviews.
This means that documenting the cybersecurity measures taken can also help to ward off fines, which can easily run into the millions in the event of serious breaches since NIS 2 defines standardized European fine thresholds for breaches in line with the EU GDPR. The maximum fine for significant entities is either €10 million or 2% of global annual turnover, whichever is higher. The documentation to defend against civil claims for damages following IT failures is of similar relevance.
However, documentation is also required beyond this, as the NIS 2 Directive stipulates official reporting obligations in the event of cyber incidents. Maximum reporting deadlines of 24 and 72 hours apply to the content of the reports, which must always be submitted immediately. In case of doubt, competent authorities may carry out random on-site inspections of cybersecurity standards in the companies, for which the management can be held liable.
As a result, the NIS 2 Directive and its current implementation in all EU member states could massively increase the level of cybersecurity for globally active companies by the end of this year at the latest. Good cybersecurity best practices will become a general corporate warranty responsibility. All international companies operating in the EU are also required to check whether they fall within the scope of the directive and, if so, to establish suitable best practices to defend against digital threats within the company.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
12 minutes ago
- Yahoo
Arsenal's ruthless Eze coup shows intent
Arsenal's dramatic move to steal Eberechi Eze away from arch-rivals Tottenham Hotspur is a ruthless statement of intent designed to show this is the season they plan to finally claim the biggest prizes. Spurs were ready to roll out the welcoming carpet for Crystal Palace's England forward on Wednesday, the deal virtually done with every indication the 27-year-old was set on the move. It then filtered out that Arsenal were assessing the seriousness of a knee injury to forward Kai Havertz, which could potentially put a dent in their attacking resources - a weakness that played a significant part in manager Mikel Arteta's side ending empty handed for the fifth year in succession last season. Instead of taking the cheaper option of exploring the loan market, as was first expected, Arsenal went for broke in spectacular style by setting up a £60m coup to take Eze to Emirates Stadium from right under the noses of Spurs. Eze's move to Arsenal, which is now fully expected to be successfully concluded, is not simply a devastating psychological blow aimed across north London at Spurs. It is a clear signal that they have no intention of falling short in their stated aim of mounting a serious Premier League title challenge, as well as making inroads deep into the Champions League once more after reaching the semi-final last season. It is strategy in stark contrast to the inertia that gripped Arsenal last season, when their failure to solve an obvious problem - namely sign a recognised striker - cost them dearly. Spurs thought they had Eze wrapped up, the possibility of a cash-plus-Richarlison deal discussed, but Arsenal moved with lightning speed once they were confronted by the possibility of Havertz facing a spell on the sidelines. Arsenal have been linked with Eze all summer, but it was thought their interest had cooled once Ethan Nwaneri agreed a new five-year contract, on top of signing Chelsea winger Noni Madueke in a £48.5m deal. Havertz's injury, and its potential consequences, reignited that interest to leave Spurs stunned. Arsenal move ahead of Spurs in race for £60m Eze Football Daily: Isak's social statement & who else is on the move? Arteta knows this is the season he must land a major prize, and to do this he has been heavily backed by Arsenal's hierarchy. As well as Madueke, the Gunners have concluded moves to sign Spain's outstanding midfield man Martin Zubimendi in a deal worth up to £60m and, at least 12 months too late, a recognised striker in Viktor Gyokeres, signed from Sporting Lisbon for £64m. In Eze, who had two years left on his Palace contract, Arsenal will get a versatile forward rich in natural talent who is a match-winner - as he proved when scoring the winner against Manchester City in the FA Cup final in May. This was a follow-up to the spectacular right-foot finish that set Palace on their way to a 3-0 win over Aston Villa at Wembley in the semi-final. Eze also scored the Eagles' opener when they beat Fulham 3-0 at Craven Cottage in the quarter-final. Eze has demonstrated he has the temperament and talent for the big occasion when inspiring Palace to the first major trophy in their history. Arsenal will hope he has plenty of those occasions ahead. He is a scorer and creator of goals, adding real threat to Arsenal's front line, with 14 goals in all competitions last season. Eze was a boyhood Arsenal fan and was part of the club's academy until he was 13. He may have been initially keen on a move to Spurs, but once the Gunners showed their hand was only one part of north London he was heading to. He has achieved his goals the hard way, spending time at Fulham, Reading and Millwall before signing for Queen's Park Rangers. He left Loftus Road for Palace in a £19.5m deal in August 2020. Spurs believe they did all they could to conclude a deal - apart from actually concluding it - but it is a hammer blow to chairman Daniel Levy and manager Thomas Frank, who also thought they had a deal for Morgan Gibbs-White in the bag only for him to sign a new contract at Nottingham Forest. Arsenal will revel in the local rivalry of snatching away a prime transfer target for Spurs, but the wider context demonstrates the Gunners are deadly serious about ending the wait for success that now stretches back to 2020. Eze has previously admitted to "crying for a week" when he was let go by Arsenal in 2011, but this gifted forward has now been given a golden opportunity to make up for lost time. Latest Arsenal news, analysis and fan views Ask about Arsenal - what do you want to know?
Yahoo
12 minutes ago
- Yahoo
Basilea Pharmaceutica Ltd (BPMUF) (H1 2025) Earnings Call Highlights: Strong Revenue Growth and ...
This article first appeared on GuruFocus. Global In-Market Sales Increase: Procemba sales increased by 24.8% for the 12-month period ending March 2025. Royalty Income Growth: 21.7% year-on-year increase in royalty income. Operating Result: Positive operating result of CHF 24 million for the first six months of 2025. Additional Funding: Secured $39 million in non-dilutive funding from BAA. Revenue: Total revenue of CHF 104 million, a 36% increase compared to the first half of 2024. Operating Expenses: CHF 55.7 million, mainly due to costs associated with the ongoing phase 3 program. Net Profit: CHF 15.8 million, compared to CHF 20.7 million in the first half of 2024. Net Cash Position: Positive net cash position of CHF 50.7 million as of June 30, 2025. Operating Cash Flow: Positive cash flow of CHF 23.1 million from operating activities. Debt Reduction: Reduced total debt by CHF 138.3 million from 2022 through June 30, 2025. Full Year 2025 Guidance: Total revenue expected to increase by about 8% to CHF 225 million. R&D Expenses: Projected to rise to CHF 105 million for 2025. Operating Profit Guidance: Expected operating profit of approximately CHF 50 million for 2025. Warning! GuruFocus has detected 5 Warning Signs with BPMUF. Is BPMUF fairly valued? Test your thesis with our free DCF calculator. Release Date: August 19, 2025 For the complete transcript of the earnings call, please refer to the full earnings call transcript. Positive Points Basilea Pharmaceutica Ltd (BPMUF) reported a strong financial performance for the first half of 2025, with a positive operating result of CHF 24 million. The company's leading commercial product, Procemba, saw a 24.8% increase in global in-market sales, contributing to a 21.7% year-on-year increase in royalty income. Basilea secured an additional $39 million in non-dilutive funding from BAA to support the development of its antifungal candidates. The company successfully launched its antibiotic Zayra in the US through a partnership with Innoviva Specialty Therapeutics. Basilea expanded its portfolio by in-licensing ceftibutin deaborbactam, a phase 3 ready novel oral antibiotic for complicated urinary tract infections. Negative Points The net profit for the first half of 2025 decreased to CHF 15.8 million from CHF 20.7 million in the first half of 2024, due to a one-time income tax benefit in the previous year. The company anticipates a 17% reduction in product revenue to about CHF 48 million year-on-year due to a decrease in product supply to Pfizer. R&D expenses are projected to rise to CHF 105 million, driven by the in-licensing transaction and associated costs. The phase 3 program for the newly in-licensed antibiotic is expected to start in approximately 18 months, which may delay potential revenue contributions. Currency fluctuations, particularly the devaluation of the US dollar against the Swiss franc, impacted financial results. Q & A Highlights Q: Why is there an 18-month delay before starting the phase 3 trial for the newly in-licensed antibiotic? Does this relate to securing additional funding? A: David Veitch, CEO, clarified that the delay is not due to funding issues. The 18-month period is necessary for regulatory interactions with health authorities and operational setup. Marc Engelhardt, CMO, added that the studies require a large patient supply, which takes time to prepare. Q: How does the expanded access program for fosmanogepix impact regulatory approval, given the large number of patients involved? A: Marc Engelhardt, CMO, explained that the data from the expanded access program could serve as confirmatory evidence in an NDA filing, provided it meets FDA guidelines for completeness and context. Q: How does the new oral antibiotic fit into the treatment landscape for complicated UTIs, which is dominated by IV treatments? A: Marc Engelhardt, CMO, stated that the oral antibiotic will serve both as an initial empirical therapy and a step-down treatment from IV antibiotics, offering flexibility in hospital and outpatient settings. Q: Why is there expected softness in product revenues in the second half of the year? A: Adesh Kaul, CFO, explained that the fluctuation is due to product delivery schedules and initial supplies related to the US launch and other markets, rather than any underlying weakness. Q: What factors could accelerate enrollment in the fosmanogepix phase 3 program? A: Marc Engelhardt, CMO, mentioned that geographic analysis and increased sponsor engagement at underperforming sites could enhance enrollment rates. Q: Can you provide details on the sales and marketing infrastructure for Zevtera's US rollout? A: David Veitch, CEO, highlighted that Innoviva Specialty Therapeutics has extensive experience in launching antibiotics, with a comprehensive US coverage including sales, medical affairs, and access teams. Q: How does the oral antibiotic compare to GSK's oral carbapenem in clinical development for complicated UTIs? A: Marc Engelhardt, CMO, noted that while there are similarities in trial design, the new antibiotic offers advantages in spectrum and dosing frequency, potentially capturing significant market share. Q: How is Crescemba performing in the APAC region, and how will it mitigate the impact of the 2027 loss of exclusivity? A: Adesh Kaul, CFO, reported strong growth in APAC, particularly in Japan, where exclusivity extends beyond 2027, contributing to sustained revenue despite upcoming patent expirations. For the complete transcript of the earnings call, please refer to the full earnings call transcript. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Fast Company
14 minutes ago
- Fast Company
A creative's guide to community-building
I grew up on different continents—Africa, Europe, and North America. Having the privilege of living in and experiencing diverse countries and cultures during my formative years made it clear to me that, while we are all unique in many ways, there are still core things that are universal. We all want to nurture and spend time with our families. We all want to have fulfilling careers and to feel safe. We all value community. That last shared sentiment is at the center of a brand purpose trend that has remained largely resilient, despite some who claim otherwise. Studies show that we're still in an era where people not only demand brands that reflect their values, but show a deep commitment to a communalcause. We want brands to create change that makes our lives better, not just make a healthy profit. These alignments are areas where brands can lean in, promote belonging, and foster unity at a time of growing divisiveness. Creatives can be valuable partners in this, too—lending brands their insight as well as design, advertising, and strategic expertise. But only if we properly value and nurture their rich spectrum of lived experiences, encouraging the unique qualities that make creatives essential to cultivating a sense of togetherness. That's why, as community-building becomes the new imperative, we must provide creatives with environments that not only celebrate their work, but their individual voices and points of view. Community from creativity Creativity is more than a tool for messaging and communication. Its impact can transcend business into culture, helping us see the world in exciting new ways. And when you choose to be a creative, you're joining a community with its own codes and way of operating. Being in a creative community necessitates a willingness to contribute, participate, and add/realize value for everything from a group of people to an entire industry. As importantly, creative communities tend to have a diversity of perspective that results in more provocative ideas built from lived experiences and unique insights. For example, in working on a community engagement-focused campaign for Delta Air Lines, alongside their in-house agency and graduates from D&AD Shift—our night school for self-taught creatives—I was often surprised by the unexpected ideas shared by our incredible talent. They're a part of so many different subcultures, spread across the worlds of music, fashion, comedy, and more. And they are navigating their differences while developing their own community, making them experts at helping brands do the same. That ability to turn diverse perspectives into shared purpose is rare—especially post-COVID—and it's a quality that must be protected as countless influences increasingly drive us apart. Build a better community The best creative communities don't just happen. They're designed with intention, and they're given the clarity, investment, and support needed to thrive. In my work at Kin and D&AD, I've seen that, for creative people, prioritizing community-building means cultivating a safe space to share, debate, and discuss ideas. That takes prioritizing several core principles: Embrace people as they are: Pioneering creatives can come from any cultural or economic background and be at any stage of their careers. Low-cost tools and social media have also given birth to a generation of self-taught creatives with an entirely different life experience. Celebrate their unique personalities and perspectives. It's their ability to use their insights to notice and address challenges that create value. Recognize and affirm progress: While making room for acknowledgement may seem like something that should be a secondary concern, it's actually key to motivating and inspiring achievement. Incremental changes, consistently executed, lead to massive gains. Both deserve a nod when working with creatives. Positive friction is creative fuel: There's nothing wrong withdisagreement when it's structured and done respectfully. In fact, it's entirely expected when different perspectives come together around creative work. Lively conversation, debate, and collaboration create camaraderie and a sense of shared ownership of creative ideas, elevating them to more potent outcomes. Treat failure as R&D: That meanscelebrating risk-taking and losses as essential parts of the creative journey. They are the building blocks of innovative ideas, important signs that you're experimenting with something interesting and on the path to inventing something original, as long as you learn and evolve from them. Creatives need more environments that wholehearted embrace these principles, giving them a foundation that enhances community-building potential. That way, as brands and organizations increasingly leverage community-based approaches, they'll do so more authentically and in ways that add value to businesses and the broader culture.
