The NIS2 Directive establishes a common cybersecurity framework across eighteen critical sectors of the European Union. Its scope confirms that network and data security cannot remain isolated inside an IT department.
INCIBE acts as Spain's reference cybersecurity institution and provides services for companies, professionals and citizens. Each organisation, however, remains responsible for its own preparation and response.
An incident must be anticipated
Backups, emergency contacts, logs, alternative systems and responsibilities need to exist before an attack. An untested plan may fail at the moment when the organisation depends on it most.
Suppliers form part of the risk
Software, storage providers, advisers and external platforms expand exposure. Contracts should define security, access, incident notification, recovery procedures and the return of company information.
Culture matters as much as technology
Passwords, updates and authentication are essential, but attacks also exploit urgency, trust and missing verification. Training should be practical, repeated and connected to the actual work performed by employees.