The NIS2 Cybersecurity Directive for the Protection of Critical and Digital Infrastructure, which came into force this week, updates the list of sectors and targeted activities and provides remedies and penalties to ensure compliance. The regulatory act must be transposed into the legislation of the member states within 21 months.

In the context of the intensification and aggressiveness of cyber-attacks in recent years, marked by pandemic, war and energy crisis, the new rules strengthen the resilience of critical infrastructure against a range of threats, including natural risks, terrorist attacks or sabotage. At the same time, member states will have to adopt a national strategy and conduct periodic risk assessments to identify entities that are considered critical or vital to society and the economy.

According to the “PwC 2023 Digital Trust Insights” report for Central and Eastern Europe, about 60% of executives in this area, including Romania, say that cybersecurity has improved as a result of large-scale investments in cyber infrastructure and improved collaboration within the company. , but there is still a lot of work to do, given the increasing complexity due to the interconnectedness of more and more systems and data, as well as more sophisticated attacks. In fact, the possibility of a major cyberattack ranks second in the top five scenarios that CEOs consider in their resilience plans through 2023 after a global recession, and they plan to continue increasing their budget for cybersecurity investments.

The article is signed by Robert Girdock, Senior Manager, and Rezvan Cioch, Manager

Read the rest of the article on the PwC Romania blog