As the Government launches the Network and Information Systems Regulations 2018, organisations need to ensure they’re ready to respond or run the risk of incurring non-compliance penalties of up to £17m.
Governments around the world are responding to the increasing cyber threat with new legislation. Requirements of the new laws typically include compliance with security standards, establishing breach notification processes, being subject to regulatory audits and can also include significant penalties.
The EU launched the Network and Information Systems Directive in 2016 which requires all EU Member States to introduce cyber security legislation for the protection of critical national infrastructure. The UK Government has therefore launched the Network and Information Systems Regulations 2018 which come into force on 10 May 2018. Maximum penalties for non compliance are £17m.
This is the first time many UK industry sectors will formally be subject to cyber security regulation. Are you in scope and ready to respond?
KPMG team members have been involved in the NIS Regulations throughout the development and consultation process. KPMG is therefore here to provide you with practical support. For example:
• Defining and implementing an overall approach to addressing global legal and regulatory requirements to remove the disruptive element of multiple jurisdictions launching cyber legislation
• Supporting identification of whether you are an Operator of Essential Services as defined by the regulations
• Supporting you to identify which aspects of your business fall within the scope of the NIS Regulations
• Performing a gap analysis of in-scope systems and assets (IT and OT) against requirements including risk assessing how requirements are addressed
• Establishing strategy and roadmap of projects to close any identified gaps
If you want to work with a partner who will help you develop a practical approach to dealing with cyber security legislation please get in touch with your usual KPMG contact or use the links in the sidebar.