The NIS 2 Directive at Midas Pharma

What is the NIS 2 Directive and why is it important?

The NIS 2 Directive is a revised version of the EU Network and Information Systems Directive, which aims to improve the resilience and security of critical infrastructure and essential digital services.

The directive will enter into force in Germany in October 2024 and will be applicable to a wider range of industries and companies than the predecessor regulation known in Germany as KRITIS.

The affected industries also include the pharmaceutical sector, in which Midas Pharma is active. For the Midas Group, it means that cybersecurity and risk management standards must be adhered to and significant incidents must be reported to national authorities in the future.

In addition, it is expected that the company will also undergo regular audits and inspections by authorities and our customers to ensure that it meets safety requirements.

How is the Midas Group preparing for the NIS 2 Directive?

The national implementation of the NIS-2 Directive is not yet available, but the planning for the already known technical and organizational measures has been completed and is in the implementation phase. Some points have already been concluded.

One of the key aspects of cybersecurity is the human factor, which is often considered the weakest link in the chain of security measures.

According to a recent study by the European Cybersecurity Agency (ENISA), 32% of reported incidents in 2019 were caused by human error, such as clicking on malicious links, opening infected attachments, or using weak passwords.

Considering that 94% of all cyberattacks start with an email, it's imperative to raise awareness and educate employees on cybersecurity best practices to prevent cyberattacks and minimize their impact.

What are the benefits and challenges of the awareness campaign?

The awareness campaign has several benefits for Midas Pharma and its employees. First, it helps to increase the level of cybersecurity knowledge and culture within the organization, which is critical for compliance with the NIS 2 policy and reducing the likelihood and impact of cyber incidents.

Second, it empowers employees to act as the first line of defense against cyber threats by enabling them to detect and report suspicious or malicious activity, and by providing them with the tools and resources to protect themselves and the organization.

Third, it fosters a sense of responsibility among employees by informing them about their role and contribution to the company's cybersecurity and resilience.

The Information Security Department will constantly monitor and evaluate the effectiveness and impact of the ongoing campaign in order to adjust and improve it accordingly.

If you have any questions or would like information, please feel free to contact us.