Preparing Companies for New Cybersecurity Obligations


The question is not "if" you will face a cyberattack, but "when". Make your cyberspace resilient to security risks early. New cybersecurity regulation will affect many Slovak companies this year and next.

Time Frame

  • October 17, 2024
  • sufficient and timely preparation is key: the earlier, the better

Sectors concerned:

  • energy
  • transport
  • banking
  • financial market infrastructure
  • health
  • drinking water
  • wastewater
  • digital infrastructure
  • postal and courier services
  • waste management
  • chemical industry
  • food industry
  • digital service providers
  • research
  • space
  • manufacturing
    • medical devices
    • computers
    • electronic and optical instruments and equipment
    • machinery and equipment
    • motor vehicles

Liability

  • new personal responsibility of "the governing body" (managing director, board of directors, etc.) for cybersecurity
  • this responsibility should not be delegated to the IT department or NIS 2 officers
  • the governing body will have to:
    • initiate and approve the NIS 2 measures
    • monitor the implementation of the NIS 2 measures
    • undergo regular training, familiarise themselves with the processes and know them

New obligations of the company at a glance

  • self-identification
  • notification of the authorities that the company is subject to the NIS 2 obligations
  • determination of the scope of the risk, i.e. whether the regulation applies to the whole business or only part of it
  • introduction of cybersecurity measures (procedural, organisational and technical):
    • adoption and adherence to the cybersecurity documentation
    • risk analysis and its management
    • security of the supply chain
    • cyber hygiene and employee training
    • use of cryptography and encryption, multi-factor authentication
    • informing customers about incidents and threats
    • implementing countermeasures
    • regular training for management and employees

Penalties

  • under the current cyber law, a fine of up to EUR 300,000 for failure to adopt cybersecurity documentation
  • NIS 2 brings an increase in fines, up to a maximum of EUR 7 to 10 million or 1.4 % to 2 % of worldwide annual turnover, whichever is higher (the applicable threshold depends on whether the entity is classified as important or essential)

Sanctions

  • temporary suspension of the company's operating permits; or
  • temporary suspension of a member of the statutory body from exercising managerial functions in any company

By Bernhard Hager, Partner, Simona Makuchova, Senior Associate, Martina Oveckova, Junior Associate, Eversheds Sutherland