As rapid digital innovation and our reliance on technology continue to increase, cybersecurity is more important than ever. To address the evolving complexity and sophistication of cyber threats, the European Union (EU) has released the Network and Information Security Directive (NIS2 Directive). This means that businesses of all sizes across Europe are facing elevated expectations when it comes to cybersecurity.

What is NIS2 and why does it matter?

Simply put, the NIS2 Directive is a regulatory framework that outlines strict cybersecurity requirements. It’s not just about keeping data safe from unauthorised access or misuse – it’s about ensuring that digital services remain up and running without unexpected interruptions. It helps businesses secure data, strengthens trust in digital services, and prevents disruptions that could degrade user experience or cause financial and reputational damage.

How does NIS2 affect businesses?

NIS2 is designed to elevate cybersecurity across organisations of all sizes, from small businesses to large companies. However, the directive is particularly relevant for critical sectors including digital infrastructure, energy, health, transport, public administration, and manufacturing.

The directive outlines minimum cybersecurity measures that organisations must adopt. It places significant responsibility on company management to ensure these measures are in place, and extends accountability to subcontractors and non-EU suppliers as well. While many countries have yet to incorporate NIS2 into their national laws, they are expected to do so in 2025. Depending on how NIS2 is implemented locally, senior management could even face personal liability, and businesses may encounter sanctions, such as fines, which can reach up to 2% of turnover.

You can find out more about NIS2 on the European Union’s website.

What is Visma doing to prepare for NIS2?

Security has been one of our top priorities for a long time. It’s not just a ‘checkbox’ – it’s a commitment. We aim to not only meet but exceed cybersecurity standards and recommendations, and NIS2 is no exception. At Visma, we’re staying ahead of the curve, already integrating advanced security measures into the Visma Security Program.

Visma Security Program

Our comprehensive security program combines training, guidance, and advanced security services to protect our software products and customer data from cyber threats. The program ensures that security measures are constantly updated, tailored to the specific needs of each Visma company, and fully compliant with required standards and regulations, including NIS2.

We already have a variety of security measures in place that meet the NIS2 requirements:

• Visma actively measures the gap between current security levels and desired standards, developing risk management strategies that include actionable steps. These steps include fixing critical vulnerabilities and patching servers, aligning with NIS2’s focus on risk management and incident response.
• Visma maintains dedicated 24/7 security operations for monitoring, detection, prevention, and incident management. The Visma Cyber Crime Centre (VC3) specifically works to prevent cyber crime, ensuring strong security across the entire organisation.
• Visma’s Security Maturity Index tracks targeted security levels versus actual performance in real-time, promoting transparency and accountability. It serves as a tool for management to set KPIs and make strategic security decisions, complementing the accountability requirements of the NIS2 directive.
• The Visma Security Program emphasises continuous learning and improvement through recurring actions and experiences, ensuring that despite constant changes in team composition and product releases, security competence and maturity are maintained.

We’re committed to continually adapting and enhancing our security program. Not only to meet the requirements set by the NIS2 Directive but to exceed them. The safety of our customers is our top priority, and we pride ourselves on delivering innovative products and solutions that are sustainable and resilient against cyber threats. As the NIS2 legislative changes unfold, rest assured that we will be ready and well-prepared.