20.5k unique visitors in the last 3 days

What Does NIS2 Mean for Telco Security?

Expert analyst Patrick Donegan has summarized the implications of the directive which is central to EU cybersecurity law.

A new white paper from Patrick Donegan, Principal Analyst at Hardenstance, explains how telcos must respond to NIS2, the European Union cybersecurity directive that all member states will have to codify in law by October 2024. Like much of Donegan’s work, “Telco Security Takeaways from the NIS2 Directive” is a straightforward read that quickly and simply addresses the key essentials of the subject matter. His driving observation is that:

NIS2 substantially raises the bar in terms of what is expected for how telcos and other critical sectors of industry frame and execute on their cybersecurity operations

Some of the key points from Donegan’s analysis are:

  • NIS2 will impose more substantial security obligations on telcos than anything that has gone before.
  • The goal is to make the philosophy of risk management central to decisions about cybersecurity.
  • Implementation of NIS2 could have counterproductive consequences if not handled with care.
  • Improved vulnerability disclosure and threat intelligence sharing is likely to be one of the most important outcomes without NIS2 prescribing how this will be effected.
  • It can be better to delay telling authorities about incidents than to give them inaccurate reports immediately.
  • US hyperscalers must comply just like European telcos, helping to ensure fair treatment and equivalent outcomes.

Fines for non-compliance could potentially be worth 2 percent of a business’ worldwide annual turnover. As ever, we will have to see whether fines levied in practice come near to their theoretical upper limit, but the potential scale of penalties should grab the attention of executives. This will also reinforce the NIS2 stipulation that management will be held liable for their organization’s approach to cybersecurity and any infringements that result.

“Telco Security Takeaways from the NIS2 Directive” is a punchy and well-focused read. You can obtain it, free of charge and without needing to register, from here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email