New EU Regulations Aim to Strengthen Cyber Resilience

At the end of 2022, the European Union launched a set of regulations (NIS2, DORA, and CER) that aim to reduce organizations' vulnerability to cyberattacks and strengthen the physical resilience of critical entities. The scope of the new legal framework is wide-ranging and imposes profound changes on organizations.

A major change is that cybersecurity becomes a strategic matter rather than just the IT department's responsibility. It is the duty of the management board to implement the technical and operational measures required by the new laws, for example: establishing a process to report incidents, ensuring business continuity (BCM), and systematically monitoring IT systems, including all tools used for business communication.

Corporate Communication in the Light of the New Laws

As a company dedicated to secure messaging, we’re particularly interested in how the new laws affect instant messaging in companies.

Instant messengers are a highly convenient communication channel for companies and organizations in all sectors: they transfer a variety of different formats (e.g., voice messages, video, text, and files), enable communication from anywhere, and facilitate information exchange between employees, customers, and partners. However, the risks that chat apps entail should not be underestimated: using everyday messengers for business purposes and/or not enforcing appropriate security measures could lead to company data and trade secrets being exposed. Did you know, for example, that nine out of ten phishing attacks in chat apps occur in WhatsApp?

In view of the increasing risk of cyberattacks, the new regulations respond to an urgent need: they not only aim to reduce cybersecurity vulnerabilities but also require organizations to reinforce their resilience against external threats. Each regulation has its own set of requirements, but all of them include provisions that relate to communication tools, for example:

  • Establish policies relating to the use of encryption in communication (NIS2)
  • Use secure voice, video, and text communication (NIS2)
  • Use secure emergency communication systems (NIS2)
  • Periodically test the resilience of systems (DORA)
  • Establish suitable measures to ensure continuity of essential services during critical times (CER)

The Importance of Planning Ahead

Complying with the regulations is imperative for effective incident prevention: after all, a stable economy and strong cyber resilience can only be built if cyberattacks are fended off successfully. Planning ahead, therefore, is important, and setting up a secure communication channel beforehand plays a significant part in it.

A dedicated business messenger provides companies with a secure channel to maintain communication with key decision makers, employees, and customers in the event of an emergency or while other systems are down. During regular business operation, it protects sensitive company information and employee data. Hence, a secure business messenger should be an integral part of every cybersecurity strategy.

Read our whitepaper to find out more about the new EU regulations.

We will also talk about NIS2, DORA, and CER in a webinar.

If you have any specific questions about Threema Work, you can request a personal consultation.