The Networks and Information Systems Directive, more commonly referred to as the NIS Directive, is a law that was introduced on May 9.

The purpose of this directive is to improve the security of businesses providing essential services such as energy, transport, banking and healthcare. NISD also applies to businesses providing critical digital services such as search engines and cloud computing.

This law aims to encourage stringent best practice by imposing large fines on those who neglect Cyber Security. The government introduced this scheme to help tackle and reduce incidents like the one that affected the NHS earlier last year.

From a business perspective, NISD affects companies that are identified as either Operators of Essential Services (OES) or Competent Authorities (CAs), the NCSC states. This directive also helps to ensure that there are controls in place to make Cyber Security a priority for these types of organisations.

From a customer perspective, NISD provides you with the reassurance that security is a primary consideration among these companies and that there are disciplinary measures in place for those companies that neglect Cyber Security. There has been concern surrounding the safety of these systems for some time now and, with the implementation of NISD, it now becomes mandatory for these organisations to take appropriate measures with regard to information security.

Last year, we saw 8,292 separate malware and DDoS attacks on businesses, and this number is likely to rise. Companies that are not yet compliant with NISD have until November to become compliant before non-compliance fines, which can be up to £17 million, are issued. With the advancement of technology and cyber-crime, more elaborate attacks can prove catastrophic for these organisations.

We can only hope that this regulation provides motivation for businesses to focus on Cyber Security.