NIS2 - too few resources
The implementation of NIS2 will be one of the biggest challenges in 2024 for many companies and organisations.
This implementation will present at least two major challenges.
First and foremost, we are going to lack resources.
The people who know about information security and data protection are already busy in their daily work. There isn’t an army of available and qualified people waiting to take on the NIS2 challenge. Far from it.
Fortunately, there are a lot of skilled consultants who will help. We need them, but it is important that we make sure that information security and NIS2 are anchored in our own organisations.
Those who tried to outsource work with GDPR can testify that it was a bad idea. At best, it's like peeing your pants to stay warm.
Will we have a business B-team?
The other major challenge is with the companies that are indirectly affected.
Right now, thousands of European companies are implementing NIS2 because they are directly in scope of the directive.
New requirements are being placed on them - not least in terms of securing their supply chains. Therefore, they need to push the requirements on to their suppliers and partners.
Companies that don’t start to address NIS2 requirements soon risk ending up on the business B-team. They will not be able to do business with those on the A-team.
Fortunately, it is manageable. We already know a lot about what the companies need to comply with.
At Wired Relations we have spent some time dissecting the directive's requirements and turning them into simple questions. If you answer them, you can get an idea of where your company is lacking. Learn more about Wired Relations' approach to NIS2 here.
AI - probably not going away in 2024
We will also have to deal with artificial intelligence, which really came onto the agenda in 2023.
AI will affect us in two ways.
- It will become an independent compliance discipline - part of digital compliance and
- we will spend time figuring out how AI can help us in our compliance work.
I am certainly sure that in 2024 we will talk about AI in compliance and especially find great and inspirational use cases.
Best practices - a necessary step in maturing our industry
Moreover, I hope we will also be discussing GRC and data protection best practices. Too many organisations invent their own processes and workflows in their own complex systems.
It means that taking over as a new data protection professional in an organisation is more difficult than it has to be.
In the financial department they do not reinvent debit and credit - they follow best practices. Let’s do the same.
What do you think?
What will be the big themes in 2024?
Give your opinion on our LinkedIn page.