In order to prepare SMEs in NRW for the challenges of cyber security and to sustainably improve the IT security landscape, the state of NRW has created a NIS2 contact point that NRW companies can use.
As part of a project funded by the Ministry of Economic Affairs, Industry, Climate Protection and Energy of the State of North Rhine-Westphalia, eurobits e.V. in Bochum operates a contact point for small and medium-sized companies affected by the NIS2 Directive.
The NIS2 contact point offers companies with 50 to 250 employees in particular the opportunity to prepare themselves comprehensively and free of charge for the requirements of the NIS2 Directive. The support begins with an uncomplicated initial analysis that quickly shows whether a company is affected by the NIS2 Directive. This is followed by a free initial consultation, during which an individual action plan is developed together with qualified consultants. The company is then responsible for implementing the plan.
The aim is to prepare SMEs in North Rhine-Westphalia for the challenges of cyber security and thus sustainably improve the IT security landscape in Germany.
Why was the NRW NIS2 contact point set up?
The EU cybersecurity regulations introduced in 2016 (Network and Information Security Directive, NIS) were significantly tightened in 2023 by the NIS2 Directive. The NIS2 Directive expands the number of critical infrastructure sectors affected and now also includes numerous SMEs.
Companies with 50 or more employees and an annual turnover of €10 million or more are obliged to take specific cybersecurity measures, depending on the sector. Liability for compliance with these regulations has been extended, with penalties of up to 2% of annual turnover being imposed for breaches. In addition, the management is personally liable. The requirements of the NIS2 Directive pose new challenges for medium-sized companies in particular.
In NRW, 3,000 to 5,000 SMEs are affected – many need support
Estimates for Germany as a whole assume that there are around 30,000 companies that were not previously part of the critical infrastructure but are included in NIS2. Around 18% of German companies are based in NRW. Assuming that the proportion of companies affected by NIS2 in relation to the total number of companies in all federal states is likely to be similar, it can be assumed that around 5,400 companies are directly affected in NRW. Of these, around 3,000 – 5,000 companies will be SMEs.
In order to avoid a situation in which thousands of SMEs in NRW are unable to adapt to the changed legal situation in good time, appropriate support services are therefore required, which cannot be fully financed by those affected.
What does the contact point do?
Companies can contact the NIS2 contact point in various ways. Once contact has been made, an initial discussion takes place between a company representative and a member of staff from the contact point.
During this meeting, the company’s situation is analyzed and it is clarified whether it is actually affected by the NIS2 Directive. If this is the case, the available support services are presented, in particular the possibility of a free initial consultation. The company can then decide whether it would like to take advantage of this offer.
Free advice for affected companies
The contact point coordinates a free initial consultation, which is carried out by qualified consultants. The aim is to inform the company in detail about the requirements of the NIS2 Directive and to jointly develop an individual action plan for implementation. After the consultation, the consultant documents the action plan and makes it available to the company.
Support for independent implementation
In principle, the implementation of the NIS2 action plan in the company is the responsibility of the company’s management. No further free advice is provided in this phase. The NIS2 contact point supports companies with advice and contacts to appropriate specialist companies and other materials as required.
Following the implementation of the NIS2 measures in the company, a review can be carried out on a voluntary basis to check the completeness of the measures.
Further Information
Source:
eurobits e.V.
European Competence Center
for IT Security
Lise-Meitner-Allee 4
44801 Bochum
E-mail: kontakt@eurobits.de
Phone: 49 173 5315050