The question is not "if" you will face a cyberattack, but "when". Ensure your cyberspace is resilient to security risks early. New cybersecurity regulation will impact many Slovak companies this year and next.
Time Frame
- October 17, 2024
- sufficient and timely preparation is key - the earlier the better
Sectors concerned:
- energy
- transport
- banking
- financial market infrastructure
- health
- drinking water
- waste water
- digital infrastructure
- postal and courier services
- waste management
- chemical industry
- food industry
- digital service providers
- research
- space
- manufacturing
- medical devices
- computers
- electronic and optical instruments and equipment
- machinery and equipment
- motor vehicles
Liability
- new personal responsibility of “the governing body” (managing director, board of directors, etc.) for cybersecurity
- responsibility should not be delegated to the IT department/NIS 2 officers
- governing body will have to:
  - initiate and confirm NIS2 measures
  - monitor the implementation of the NIS2 measures
  - undergo regular training, familiarise itself with the processes and know them
New obligations of the company at a glance
- self-identification
- notification of the NIS 2 obligations to the authorities
- determination of the scope of the risk – i.e. whether the regulation applies to the whole business or part of it
- introduction of cybersecurity measures (procedural, organisational and technical)
- adoption and adherence to the cybersecurity documentation
- risk analysis and its management
- security of the supply chain
- cyber hygiene and employee training
- use of cryptography and encryption, multi-factor authentication
- informing customers about incidents and threats
- implementing countermeasures
- regular training for management and employees
Penalties
- in the current cyberlaw setting, a fine of up to EUR 300,000 for failure to adopt cybersecurity documentation
- NIS 2 brings an increase in fines, up to a maximum of EUR 7 to 10 million or 1.4 % to 2 % of worldwide annual turnover, whichever is higher (the fine thresholds depend on the type of entity: important or essential)
Sanctions
- the temporary suspension of the company's operating permits; or
- temporary suspension of a statutory body from exercising managerial functions in any company
By Bernhard Hager, Partner, Simona Makuchova, Senior Associate, Martina Oveckova, Junior Associate, Eversheds Sutherland