NIS2
Cybersecurity Directive
The European Union Directive for high common level of cybersecurity of Network and Information Systems (NIS2), coming into effect in October 2024, brings new regulations for cyber protection of critical infrastructure – including maritime companies.
Why This Regulation Matters
NIS2 imposes strict cybersecurity defense and reporting measures on critical infrastructure companies in the EU, including the shipping and energy sectors. It imposes severe penalties for non-compliance, up to EUR 10,000,000 or 2% of the company's global annual revenues and even personal liability for the management. The Directive mandates the adoption of a cyber risk management approach and the implementation of IT and OT protection in real-time.
Who Must Comply?
Inland, sea and coastal passenger and freight water transport companies, not including the individual vessels operated by those companies.
Managing bodies of ports, including their port facilities, and entities operating works and equipment contained within ports.
Operators of vessel traffic services (VTS).
What's Required?
Three key requirements that all covered vessels and facilities must implement
New protection requirements
Operational technology security | Protection for real-time data exchange | Supply chain safeguards
Reporting requirements
24 hours to report an early warning to the relevant authority or CSIRT, 72 hours for a full notification report including a comprehensive severity and impact assessment.
Non-compliance may lead to
Fines up to Euros 10,000,000 or 2% of the global annual revenues of the company (whichever is higher). In some cases, the top company executives may be held personally liable.
How Cydome Helps
Cydome can help you prepare your readiness for NIS2 compliance based on established best practices
Gap Analysis & Risk Assessment
Continuous vulnerability scanning on all assets onboard with embedded analysis of risk assessment
Policies & Procedures
Implementation of all necessary policies, continuous monitoring and enforcement of policies by employees
Cybersecurity Hygiene Framework
Proactive prevention, threat detection systems, network segmentation, and encryption protocols
Continuous Monitoring & Incident Response
Real-time threat detection of IT & OT, SIEM monitoring over the entire fleet
Report & Document Security Incidents
Embedded solution with automated reporting on the detection of incidents and logs of all actions taken
Training Programs & Awareness
Regular phishing drills, cyber training for IT teams on cyber management
Need Help with Compliance?
Our maritime cybersecurity experts are here to help you navigate the new regulations
Email Support
Get detailed answers to your questions