NIS2 Blog by Christian Billmann

First things first: I am neither a lawyer nor a certified cybersecurity consultant. At asvin, we have experts who are far more qualified in these areas than I am. However, working in marketing, I can’t avoid the topic of EU NIS 2. It’s omnipresent, and I inevitably have to deal with it.

Why is EU NIS 2 so Controversial?

Everywhere, people are talking about EU NIS 2 – deadlines, penalties, implementation, and the potential shortcomings of the law. Many companies initially respond with frustration: “Why do I have to deal with more regulations? Now I even have to be liable because ‘those at the top’ decided so?”

It might be tempting to do a quick check and find out that your company doesn’t fall under NIS 2 regulations, leading to the thought: “Well, then I don’t have to do anything.” However, this approach is short-sighted and can become costly in the long run.

The Comparison: Seatbelt Mandate in Cars

Let’s consider the introduction of the seatbelt mandate in cars. There was resistance and “seatbelt slackers” back then too. But the mandate wasn’t introduced to generate fines or boost the sales of cars with seatbelts. Instead, it was recognized that consistently wearing seatbelts saves lives.

Since the seatbelt mandate was introduced in 1974, accident statistics have significantly improved. Even today, there are still violations and fines during traffic controls. However, most people recognize the benefit of seatbelts: they save lives, even if no immediate law demands it.

Interestingly, Volvo has been installing three-point seatbelts in their cars since 1958 – long before it was legally required. This shows that proactive safety measures make sense, independent of legal requirements.

Parallels to EU NIS 2

I see a similar situation with EU NIS 2. Regardless of whether and when the implementation requirements become relevant for your company, risk assessments and comprehensive risk management already make sense. These measures contribute to the security and resilience of your company and protect against potential threats and damages.

In business, it is crucial to act proactively and not just react to legal requirements. Good risk management can not only protect against penalties but also ensure ongoing operations and build customer trust.

I don’t know about you, but I’d rather endure a few bruises from the seatbelt in a collision than go through the windshield into the great beyond. Doesn’t it make more sense to accept the inconvenience of implementing risk management than to suffer from security breaches? The safety of your company and your partners should be a top priority – regardless of legal mandates.

Would you like to learn more about cyber risk management for businesses and how to best protect your company? Contact our experts and get comprehensive advice.

Author: Christian Billmann