NIS2 makes cybersecurity a leadership responsibility at board level, not just an IT matter — CISOs must operate more strategically and work closer to senior management in the future.
29,500 German companies in critical infrastructures and essential services are obligated to implement the EU cybersecurity standards of the NIS2 Directive.
Orphaned accounts in decentralized cloud services constitute a direct breach of NIS2 requirements and trigger personal liability for company executives.
NIS2 makes board members personally liable for cybersecurity and requires annual management documentation – CISOs must establish formal compliance evidence.