The Implications of the NIS Directive
What is the NIS Directive?
The UK is implementing the EU directive on the security of Networks and Information Systems (known as the NIS Directive). Network and information systems and the essential services they support play a vital role in society, from ensuring the supply of electricity and water, to the provision of healthcare and passenger and freight transport. Their reliability and security are essential to everyday activities.
There is therefore a need to improve the security of network and information systems across the UK, with a particular focus on essential services which, if disrupted, could cause significant damage to the economy, society and individuals’ welfare.
What’s in it for You and Your Business?
The insurance industry is taking a hard look at the NIS Directive in terms of where it sees the balance of risk between insurers and essential services organisations. Remediation activity to comply with NIS requirements will be considered favourably, whilst non-compliance may leave businesses without cover. Similarly, directors should consider the personal liability that falls upon them for any critical infrastructure disruption that occurs and the reputational damage that could ensue.
Impact of NIS
The breach reporting and penalty mechanisms are the same as for GDPR, so CNI organisations that experience business interruption will suffer fines of up to £17m.