Why European legislation forces companies to adopt cyberproof security.
NIS2, DORA, and CSIR for enhanced cybersecurity.


The urgency for robust cybersecurity is greater than ever. With increasing cyber threats and stricter European legislation, organizations must prepare for a safer future. Alexander Snel, CISSP CIPP/E – Information Security & Privacy, explains why cybersecurity is more than just technology, even within physical security.
In recent years, the European Union (EU) has introduced a growing body of directives and regulations on information security and cybersecurity. These aim to help organizations protect their digital environments and sensitive data against the growing threat of cybercriminals and other malicious actors. NIS2, DORA, CSIR, and the GDPR are clear examples of this:
1. NIS2: Increased requirements for critical and vital sectors
Since October 2024, organizations in critical and vital sectors must comply with the NIS2 directive. In the Netherlands, this directive is being implemented through the Cybersecurity Act (Cbw), which is expected to come into force by mid-2025. This legislation requires companies to demonstrate that they have control over their cybersecurity. It imposes a duty of care and a duty to report incidents, with a focus on incident response, business continuity, and disaster recovery. Alexander Snel explains: “This legislation is particularly important because the management can be held personally liable for non-compliance. Furthermore, the entire supply chain plays a crucial role: if one link is weak, it can make the entire organization vulnerable.”
2. DORA: Specific rules for financial institutions
The Digital Operational Resilience Act (DORA) is a European regulation that helps financial institutions better manage IT risks and strengthen their resilience against cyber threats. DORA will come into effect in January 2025. Snel explains: “DORA emphasizes the need for strong cybersecurity measures throughout the entire supply chain, with critical third parties also falling under this regulation. Organizations must regularly test for vulnerabilities to ensure they can effectively respond to incidents and maintain business processes, even in emergency situations.”
3. GDPR: Protection of personal data as a priority
The General Data Protection Regulation (GDPR) has been in effect since 2018 and sets high standards for the protection of personal data and, consequently, information security. Organizations must implement “state-of-the-art” security measures to protect data. “When processing sensitive data, such as biometric information or surveillance footage, a Data Protection Impact Assessment (DPIA) is mandatory. Companies also have a duty to report and cooperate with the regulator in the event of data breaches. Non-compliance with the GDPR can result in fines of up to 4% of annual turnover,” explains Alexander Snel.
4. CSIR: Cybersecurity for critical infrastructures
Cyber Threats: Being Prepared for the Unexpected
Snel emphasizes: “These regulations make it clear that cybersecurity is no longer an optional expense, but a necessary condition for sustainable and future-proof business operations. The recent publication of the Cybersecurity Report Netherlands 2023 (CSBN) by the National Cyber Security Center (NCSC) also highlights the importance of preparing for unexpected cyber threats. Whether it’s about protecting personal data, ensuring continuity in critical infrastructures, or preventing financial damage from cyberattacks, organizations must take their security seriously to comply with legal requirements and avoid fines.”
Alexander Snel: “At Nsecure, we understand the importance of cybersecurity and compliance for our clients across all sectors. This responsibility is reflected in our certifications: ISO27001, ISO27701, and our SOC2 Type II assurance report. We set high and measurable security standards, even for our suppliers. Because, ultimately, it’s not just about technology; it’s also about collaboration and an integrated approach to security.”
In addition, Nsecure offers various measures and solutions to ensure the safety of the environments and systems it provides. Examples include workplace management for local security workplaces and endpoint (vulnerability) scanning. Snel explains: “Nsecure has the knowledge and expertise to act as a managed security services provider (MSSP). By also handling the cybersecurity aspect, we can adopt an integrated approach and maintain oversight of all security devices, environments, and processes. This integrated approach to security aligns with our full-service offering of Security-as-a-Service. With this, we can manage the complete access and security policy, both in terms of personnel and technology. Disparate disciplines like hospitality, facility, compliance, and security are merged into one cohesive unit by us.”

Contact us
Want to know more about how our services contribute to compliance and meeting cybersecurity guidelines? Contact us, and our experts will be happy to tell you more.