In an attempt to lower the pressure put on IT departments to single-handedly ensure the security of the organization and to change the sentiment of whose responsibility cybersecurity is, NIS2 includes new measures to hold top management personally liable and responsible for gross negligence in the event of a security incident.
Specifically, NIS2 allows Member State authorities to hold organization managers personally liable if gross negligence is proven after a cyber incident. This includes:
Ordering that organizations make compliance violations public.
Making public statements identifying the natural and legal person(s) responsible for the violation and its nature.
And, if the organisation is an essential entity, temporarily banning an individual from holding management positions in case of repeated violations.
These measures are designed to hold C-level management accountable and to prevent gross negligence in the management of cyber risks.
"""
jacquesm•1h ago
In an attempt to lower the pressure put on IT departments to single-handedly ensure the security of the organization and to change the sentiment of whose responsibility cybersecurity is, NIS2 includes new measures to hold top management personally liable and responsible for gross negligence in the event of a security incident.
Specifically, NIS2 allows Member State authorities to hold organization managers personally liable if gross negligence is proven after a cyber incident. This includes:
These measures are designed to hold C-level management accountable and to prevent gross negligence in the management of cyber risks. """