The Networks and Information Systems Directive, more commonly referred to as the NIS Directive, is a law that was introduced on 9th May this year. The purpose of this directive is to improve the security of businesses providing essential services such as energy, transport, banking and healthcare. NISD also applies to businesses providing critical digital services such as search engines and cloud computing.
This law aims to encourage stringent best practice by imposing large fines on those who neglect Cyber Security. The government introduced this scheme to help tackle and reduce incidents like the one that affected the NHS last year.
The NCSC states that, from a business perspective, NISD affects companies that are identified as either Operators of Essential Services (OES) or Competent Authorities (CAs). This directive also helps to ensure that there are controls in place to make Cyber Security a priority for these types of organisations.
From a customer perspective, NISD provides you with the reassurance that security is a primary consideration among these companies and that there are disciplinary measures in place for those companies that neglect Cyber Security. There has been concern surrounding the safety of these systems for some time now and, with the implementation of NISD, it is now mandatory for these organisations to take appropriate measures with regard to information security.
Last year, there were 8,292 separate malware and DDoS attacks on businesses, and this number is likely to rise. Companies that are not yet compliant with NISD have until November 2018 to become compliant before non-compliance fines of up to £17M are issued. With the advancement of technology and cyber-crime, more elaborate attacks can prove catastrophic for these organisations. We can only hope that this regulation provides motivation for businesses to focus on Cyber Security.