Question 1

What is NIS2 and does it apply to organisations in Ireland?

Accepted Answer

NIS2 (Network and Information Security Directive 2), also known as EU Directive 2022/2555, is an EU-wide cybersecurity regulation that applies to all 27 member states including Ireland. It requires essential and important entities across 18 critical sectors to implement robust cybersecurity measures, report incidents to the NCSC within 24 hours, and maintain continuous audit-ready evidence. Ireland is implementing NIS2 through the National Cyber Security Bill 2024.

Question 2

What is the personal liability for CEOs and CISOs under NIS2?

Accepted Answer

NIS2 introduces direct personal accountability for senior management. CEOs, CISOs, and board members can face personal fines up to €10 million and may be held personally liable for compliance failures. This represents a significant shift from previous cybersecurity regulations.

Question 3

What are the financial penalties for NIS2 non-compliance in Ireland?

Accepted Answer

Essential entities face fines up to €10 million or 2% of global annual turnover (whichever is higher). Important entities face fines up to €7 million or 1.4% of global turnover. Additionally, management can be held personally liable and face temporary bans from management positions.

Question 4

How does NIS2Ireland.com help with compliance?

Accepted Answer

NIS2Ireland.com provides automated NIS2 compliance through the Enginsight platform. This includes Watchdog for asset discovery, Observer for vulnerability detection, Hacktor for automated penetration testing, Verity SIEM for log management, Active Shield IDS/IPS for threat detection, and Network Shield for micro-segmentation. All modules generate audit-ready evidence that directly maps to NIS2 Article 21 requirements.

NCSC Risk Management Measures (RMMs)

Asset Management and Inventory

Vulnerability Management

Patch Management

Configuration Management

Access Control

Identity and Authentication

Encryption and Cryptography

Monitoring and Logging

Incident Detection and Response

Supply Chain Security

Secure Development and Procurement

Business Continuity and Backup

Data Protection and Privacy

Personnel Security

Security Awareness and Training

Supplier Management and Audits

Implement All 16 RMMs with Enginsight