Corporation cybersecurity fines will be good news for consumers
The EU is launching a new IT security law to improve security and protect sensitive data. However, there are fears that many Irish businesses are not prepared for these changes and could face heavy sanctions.
This will result in many online retailers and services having to update systems, which could lead to disruption to normal service. Financial institutions including banks, insurance brokers, and lenders have been under the spotlight for some time, and already have formidable defenses in place.
Another cash industry that has seen a rise in online activity is the betting and casino industry. Many famous high-street bookmakers have concentrated on online operations and closed many land-based operations as a way to combat the rising cost of overheads.
As well as the big-name bookies that have moved online, many independent operators are now able to compete. Irish bettors have enjoyed the convenience and variety of betting markets offered by online operators, and some of the best options are known for immediate payouts.
Because consumers have to sign up and provide sensitive personal data to prove who they are, online betting operators will also have to ensure their systems comply with the new rules.
The Network and Information Security (NIS) Directive was the first EU cybersecurity legislation and aimed to achieve uniform security levels across its Member States. NIS 2 will replace the older legislation on the 18th of October 2024 and will target larger companies that have over 50 employees and whose annual revenue exceeds €10 million.
The directive will apply to all businesses that are located in, or carry out services in, the EU, and that operate in the following industries:
- Banking
- Digital infrastructure
- Digital providers
- Drinking water
- Energy
- Financial market infrastructures
- Health
- ICT service management (business-to-business)
- Manufacture, production, and distribution of chemicals
- Manufacturing
- Postal and courier services
- Production, processing, and distribution of food
- Public administration
- Research
- Space
- Transport
- Waste management
- Wastewater
Businesses will have certain reporting obligations and risk-management measures that they must carry out. These can be explored by businesses on the EUR-Lex site.
There are several steps that companies will need to implement to ensure they are NIS 2 compliant, including having the support of senior management, setting up project management systems, and implementing training programs. Businesses will also have to define their risk management strategy, carry out risk assessments, implement cybersecurity measures and supply chain security, and conduct internal audits.
These are just some examples of the steps that qualifying businesses will have to undertake.
Businesses that fail to comply with NIS 2 could face sanctions of 2% of their annual turnover or fines of up to €10 million for essential entities. Important entities will face sanctions of 1.4% of their annual turnover or fines of up to €7 million.
While this will be a costly exercise for the businesses involved, it will provide greater security to consumers. Whether you bet with crypto gambling sites, enjoy online banking services, or have an online energy account, this new directive should help to protect your information.
It should also improve confidence in Irish businesses and have a positive effect on the economy.