Governance in the NIS2 Era Event

Caroline Spillane CDir, Chief Executive Officer of IoD Ireland, kicked off the event by highlighting how the Network and Information Security Directive 2 (NIS2) Directive is designed to strengthen cyber security and resilience across critical sectors. She also noted how it is the first EU-wide piece of cyber security legislation. IoD Ireland research conducted last year found that 41% of directors were not aware of their own personal liability for severe organisational non-compliance. Caroline commented that NIS2 mandates board-level accountability, which includes personal liability for directors in cases of severe non-compliance, with organisations in-scope. Caroline also outlined supports that were available on the NCSC website, but also noted how IoD Ireland would continue to support members on this key area. 

Louis Cohen, Head of Cyber Security at ComReg, delivered a detailed update on ComReg’s role as the designated regulator for NIS2 in Ireland. He explained the implications for company directors and noted that Ireland is expected to transpose the directive into national law before the end of the year. Louis noted the role of ComReg, as the competent authority and regulator for NIS2 and outlined what this means for directors. For further information, directors were encouraged to consult ComReg’s official website.

Julie Austin, Partner, Privacy and Data Security team, Mason Hayes & Curran, then provided an insighftul overview presentation on the scope of NIS2, including how to determine your organisations level of scope. The event then moved into a panel session, with Julie being joined by colleagues Claire Lord, Head of Governance and Compliance, and Emer Shelly, Partner, Corporate Governance team.

The panel provided key insights into the impact of NIS2 and its requirements for board-level cybersecurity governance. The panel discussion also addressed liabality and what this may mean for a director and an organisation. They also addressed how the directive will be transposed differently into the different EU jurisdictions. Key recommendations included conducting a cyber security gap analysis, providing adequate board training, and ensuring that NIS2 compliance remains a standing agenda item for corporate boards.

The event also featured an engaging Q&A session with members, and addressed how this directive was not just about dealing with cyber security threats, but also business continuity and ensuring resilience of your network systems. 

This exclusive event on NIS2 was open to all IoD Ireland members, offering a unique opportunity for Ireland's top directors to gain invaluable insights from some of the most experienced figures in corporate governance.

We would like to acknowledge Mason Hayes & Curran for their support on this event.