NIS2: IT inventory as the basis for digital resilience 

The NIS2 Directive also presents Swiss SMEs with the challenge of adapting their IT security strategies. But instead of simply complying with new requirements, companies can seize the opportunity to make their IT more resilient and efficient. An IT inventory is the first step in this process: it reveals vulnerabilities, provides clarity and forms the basis for a future-proof strategy.

The NIS2 Directive marks a turning point in IT security: it requires companies not only to provide superficial documentation of their IT landscape, but also to fundamentally transform their security architecture. While this requirement may seem challenging at first, it offers SMEs in particular the opportunity to make their IT infrastructure fit for the future. A systematic IT inventory forms the foundation for three key advantages:

  1. Holistic overview:
    A professional inventory goes far beyond a simple list of assets. It systematically identifies vulnerabilities in your entire IT landscape – from network architecture and system configurations to business processes. This transparency enables you to identify risks at an early stage and make informed strategic decisions.
     
  2. Compliance and security:
    NIS2 compliance means more than just ticking off checklists. Structured analysis helps you not only to meet regulatory requirements, but also to integrate them into your security strategy. Targeted measures not only reduce compliance risks, but also effectively strengthen your cyber security.
     
  3. Strategic optimisation:
    The insights gained form the basis for a future-oriented IT strategy. You can make your infrastructure not only more secure, but also more flexible and efficient. This creates the conditions for digital innovation and sustainable competitiveness.

The 10 core areas of NIS2-compliant IT inventory 

A successful IT inventory according to NIS2 requires more than just superficial checks – it demands a systematic look at your entire IT landscape. The Directive defines ten core areas that interlock and complement each other. This structure helps you avoid overlooking important aspects while simultaneously leveraging synergies between the individual areas. Particularly important: the analysis should not be seen as a one-time process, but rather as a basis for continuous improvement.

  1. Risk Analysis and Security Concepts
    • Review existing security policies for up-to-dateness
    • Integrate new risks from remote work and cloud usage
  2. Security Incident Management
    • Document and test incident management processes
    • Implement clear escalation plans and cyber drills
  3. Business Continuity
    • Develop robust emergency plans for business continuity
    • Optimize backup strategies and recovery times
  4. Supply Chain Security
    • Review security standards of suppliers and partners
    • Anchor security requirements contractually
  5. Network and Information Systems
    • Create a complete inventory of your IT landscape
    • Evaluate and optimize implemented protection mechanisms
  6. Cryptography and Encryption
    • Review and update the encryption standards used
    • Ensure the correct handling and secure management of cryptographic keys
  7. Personnel and Access Control
    • Revise authorization concepts
    • Implement least-privilege principles
  8. Authentication and Communication
    • Evaluate multi-factor authentication
    • Secure communication channels
  9. Cyber Hygiene and Training
    • Implement security awareness programs
    • Train employees regularly
  10. Effectiveness Measurement
    • Define measurable security metrics
    • Establish regular controls

NIS2 Quick Guide: What you need to know now 

The NIS2 Directive is revolutionising IT security in the EU – with direct implications for Swiss companies. Here is an overview of the most important points:

New obligations: cyber security management, risk analyses, incident response

Affected parties: IT service providers, suppliers, production, logistics with EU connections

Proof: documentation, regular audits, reporting obligations

Timetable: early assessment as the first step towards compliance

From concept to successful implementation 

The path to NIS2 compliance begins with well-thought-out project organisation. Experience has shown that it pays to appoint a central coordinator who acts as the linchpin for all measures. This person not only orchestrates the various project phases, but also ensures that management remains continuously involved – a critical success factor for sustainable change.

With this foundation in place, you can tackle the next steps in a targeted manner: a structured gap analysis reveals precisely where your company stands today and what measures are still required for NIS2 compliance. This often shows that many companies already have a good foundation on which to build.

The identified gaps must then be prioritised intelligently. First, focus on the areas that are mandatory from a regulatory perspective or pose an increased risk. A realistic schedule with specific milestones helps you to approach implementation in a structured manner and maintain an overview. Regular reviews ensure that you stay on track and can make timely adjustments if necessary.

Cyber security as a competitive advantage

Implementing the NIS2 Directive means more than just ticking off compliance requirements – it is a strategic opportunity for greater digital resilience. Companies that act now gain a double advantage: not only do they meet regulatory requirements, but they also make their IT infrastructure fit for the challenges of the digital future. A professional inventory forms the foundation for this and creates transparency for all further steps.

MTF Solutions brings experience from numerous successful NIS2 projects to the table. As your partner, we accompany you from the initial analysis to full implementation – in a practical, efficient manner and with a clear focus on your individual requirements. Our experts are familiar with the specifics of the Swiss SME environment and know what really matters when it comes to implementation.

MTF: Your partner for NIS2 compliance 

The path to NIS2 compliance may seem challenging, but with the right partner and a structured approach it becomes manageable. A professional IT inventory forms the foundation for all further steps. It creates transparency, reveals areas for action and enables targeted implementation of the requirements.

Don't wait until it's too late – act now. MTF Solutions supports you as an experienced partner on your path to greater IT security. Arrange your free initial consultation today and find out how you can implement the NIS2 requirements profitably for your company.

FAQs 

  1. What exactly is the NIS2 Directive and why does it also affect Swiss SMEs?
    The NIS2 Directive (Network and Information Security Directive) is an EU-wide law to strengthen cybersecurity. Swiss SMEs are also affected if they provide services or products to customers within the EU – for example, in logistics, IT, energy, or healthcare. Compliance is therefore not just a legal obligation, but a strategic advantage.
     
  2. What role does the IT inventory play in the context of NIS2?
    The IT inventory is the first and most important step in meeting the NIS2 requirements. It creates transparency across all IT systems, identifies security gaps, and forms the basis for targeted improvement measures. Without a complete inventory, any security strategy remains incomplete.
     
  3. What typical mistakes should be avoided during the IT inventory?
    Common mistakes include recording systems too superficially, failing to prioritize risks, insufficiently involving specialist departments, and neglecting updates. The IT inventory should be reviewed regularly and viewed as a continuous process.
     
  4. Which companies are specifically affected by the NIS2 Directive?
    Medium and large companies from critical sectors such as energy, transport, water, healthcare, digital infrastructure, and public administration are affected – as are all those who work with these sectors as suppliers or IT service providers. This includes many Swiss SMEs with EU customers.
     
  5. How does the implementation of NIS2 compliance work in practice?
    Implementation begins with an IT inventory, followed by a gap analysis to identify vulnerabilities. Measures are then prioritized, and an implementation plan is drawn up and continuously reviewed. A structured process with clear responsibilities is crucial for success.
     
  6. Why is NIS2-compliant IT security a real competitive advantage?
    Because it not only ensures compliance, but also builds trust among customers and partners. A robust IT infrastructure protects sensitive data, reduces the risk of failure, and supports digital innovation – a clear advantage in an increasingly digitalized market.

Do you have questions?

Rubén Saiz
Managing Director Liechtenstein, St. Gallen & Chur