Your Strategic Partner in Compliance and Risk Management
With over 30 years of experience helping financial entities manage risk, Thomas Murray is uniquely positioned to support your organisation through NIS2 compliance and beyond.
Our expertise lies at the intersection of cyber security, operational resilience, risk management, and regulatory compliance. Our consultants work closely with you to deliver insights based on real threat actor activity and industry-specific intelligence.


Why does NIS2 matter?
NIS2 is an EU directive introduced in 2023-24 that Member States are required to transpose into national law by 2024/2025. NIS2 strengthens the cyber security of critical infrastructure across Member States. For more information, see the FAQ section.
Non-compliance can result in fines of up to:
- €10 million or 2% of annual turnover for Essential Entities
- €7 million or 1.4% of annual turnover for Important Entities
Is your organisation prepared?
Our NIS2 Compliance Services
At Thomas Murray, we act as strategic and operational partners on the NIS2 compliance journey. We deliver NIS2 compliance to our clients through two workstreams:
Assess and Plan
Our holistic NIS2 cyber security maturity assessment is completed within four to six weeks, delivering:
- Executive Summary.
- Detailed findings and recommendations.
- Roadmap to compliance.
- Prioritised findings.
NIS2 Implementation Support
We can help organisations achieve NIS2 compliance by providing a range of services:
- Program and project management support.
- Documentation refinement and creation.
- Process change and change management.
- Execution of risk assessments, technical testing and third-party assessments.
- New tooling implementation.
Our delivery and commercial model for this workstream is flexible, pragmatic, and scalable to your needs - we can offer it as:
- a single advisory support mission
- an end-to-end managed service
- targeted engagements under a retainer model
What are the key requirements of the NIS2 Directive?
The NIS2 Directive mandates that organisations adopt a risk-based approach to cyber security. This includes implementing minimum measures to manage cyber risks effectively and ensure business continuity. Thomas Murray services are available to help you meet the key requirements and simplify NIS2 compliance.
| NIS2 Directive Requirements | How We Can Help |
| --- | --- |
See the full range of our cyber services on our dedicated website.
How we deliver NIS2 Compliance
Our proven methodology ensures full NIS2 alignment, with minimal disruption to your daily operations.

1. Your Current State
We begin by assessing your organisation’s current NIS2 compliance status, including planned and completed activities.

2. Tailored Service Package
We identify your current challenges and areas requiring support, then design a customised NIS2 compliance service package. This includes the appropriate delivery model – whether one-off, technology-led, or a fully managed service.

3. Hands-On Implementation
We provide hands-on support to implement governance processes, documentation, testing, assessments, and reporting practices in line with NIS2 requirements.

4. Ongoing Monitoring
By staying on top of regulatory updates, we manage your ongoing implementation in line with evolving requirements and organisational priorities.
Start Your Compliance Journey Today
Let Thomas Murray guide your organisation through the complexities of NIS2 compliance, with expert-led support every step of the way.
FAQ
What is the NIS2 Directive and why is it important?
In response to the growing cyber threat landscape across Europe, the European Union introduced Directive 2022/2555, commonly known as the NIS2 Directive, which sets mandatory cyber security risk management and incident reporting requirements for both essential and important entities. By harmonising security requirements, improving incident reporting, protecting critical infrastructure, and enhancing cooperation, it aims to ensure a resilient and secure internal market.
When did the European Union enforce the NIS2 Directive, and what is its official implementation date?
The NIS2 Directive came into force on 16 January 2023. EU Member States were required to incorporate the directive into their national legislation by 17 October 2024, with official enforcement commencing on 18 October 2024.
Although this was the set deadline, not all Member States achieved full implementation on time, resulting in varied progress across the European Union.
How does the NIS2 Directive impact supply chain security?
The NIS2 Directive places a strong emphasis on supply chain security, requiring organisations across the EU to take a proactive and comprehensive approach to managing cyber risks linked to their suppliers and service providers. Businesses must regularly assess and monitor the cybersecurity practices of third parties, especially those deemed critical, and implement robust risk management processes.
Clear contractual obligations and swift incident reporting are also mandatory, ensuring suppliers meet stringent security standards. The directive introduces risk assessments at EU, national, and organisational levels, making supply chain security a shared responsibility. Ultimately, NIS2 pushes companies to strengthen their entire digital ecosystem, recognising that a single weak link can jeopardise the whole operation. This shift not only enhances resilience but also increases accountability for senior management.
Our insights

Recent Cyber Attacks on Australian Super Funds: A Wake-Up Call for Enhanced Cyber Security
Recent cyber attacks on Australia’s Super funds highlight the need for stronger security.

The Rising Threat: How Cyber Risk is Reshaping Operational Due Diligence Priorities
Cyber threats are reshaping operational due diligence. Learn how investors are adapting to evolving risks and protecting their portfolios.

The Value of Tabletop Exercises for Law Firms and their Clients
Law firms face unprecedented challenges in protecting both their own assets and their clients' sensitive information.

An EvilProxy deep dive: From Outlook to Teams, the £1m heist
A UK-based multinational professional services group narrowly avoided a £1M business email compromise after a patient adversary manipulated an existin

