NIS2 enforcement to begin this July
Pro
Louise McKeown, .IE
Board members whose companies fail to meet new EU cyber security requirements face fines and potential disqualification, Ireland’s national domain registry has warned.
The domain registry commissioned Amárach to survey 354 Irish business decision-makers in essential and important entities and 47% of organisations said they had not fully mapped their supply chain for critical services.
The research revealed that 45% of Ireland’s most essential and important entities are not prepared for Network and Information Security Directive (NIS2) implementation.
Failure to comply with NIS2, which is due to be signed into Irish legislation by July, will mean a maximum fine of at least €10,000,000 or up to 2% of the total worldwide annual turnover, in addition to reputational damage.
Under the directive, up to 5,000 essential entities in Ireland must take measures to manage risks to their online systems and to prevent or minimise the impact of incidents on recipients of their services.
Board members will be accountable for non-compliance and companies will be required to notify significant cyber incidents within 24 hours.
“Ignorance is not an excuse – we urge organisations to start to take cyber risk as seriously as they do economic risk, the entire way along their supply chain,” said Louise McKeown, chief growth officer at .IE.
NIS2 aims to strengthen the culture of cyber security across sectors that are vital for our economy and society and that rely heavily on information and communications technology (ICT).
These include energy, transport, water, banking, healthcare and digital infrastructure sectors.
This highlights the need for thousands of further third party suppliers to ensure that they are prepared for NIS2 compliance.
The survey found that 17% of Ireland’s key organisations experienced a significant cyberattack since 2024.
“As well as fines for your company, Ireland is small and the reputational damage that will go along with non-compliance could have a long-lasting, negative impact,” said McKeown.
“If you aren’t sure where to start, visit DigitalTrust.IE to ascertain your current level of digital vulnerability across your website, e-mail and domain.
“Once you apply, your setup is assessed using a proprietary scoring evaluation that checks against industry-defined best practice.”
Ireland’s first Digital Trust Mark, created by .IE, has been described as an NCT for firms’ online identity.
Applicants receive a grade by the next working day and if an A-rating is achieved, businesses can display the mark for the following 12 months.
Domains that do not reach an A-rating will be given a detailed outline and recommended actions.
TechCentral Reporters