The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.

The EU cybersecurity rules introduced in 2016 were updated by the NIS2 Directive that came into force in 2023. It modernised the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape.

Who is affected?

NIS2 affects all entities that provide essential or important services to the European economy and society, including companies and suppliers. If your organization falls under any of the categories below, NIS2 is applicable to you:

Essential Entities (EE)

Size threshold: varies by sector, but generally 250 employees, annual turnover of € 50 million or balance sheet of € 43 million

Energy
Transport
Finance
Public Administration
Health
Space
Water Supply
Digital Infrastructure

Important Entities (IE)

Size threshold: varies by sector, but generally 50 employees, annual turnover of € 10 million or balance sheet of € 10 million

Postal Services
Waste Management
Chemicals
Research
Foods
Manufactoring
Digital Providers

Coverage

1. Supply Chain

Map dependencies on all 3rd party products used by your applications and scan them against latest vulnerabilities to prevent supply chain attacks.

3. Encryption

Ensure that all communication between you and your customers remains confidential through the use of strong encryption algorithms.

5. Data leaks

Detect potential data leaks as fast as possible and limit the impact of compromised passwords, PII, certificates or API keys.

2. Shadow IT

Analyze your organization’s digital footprint and entry points from an external perspective and discover undocumented systems

4. Authentication

Prevent public access to your sensitive files and ensure that authorization is enforced through strong password policies and multi-factor authentication.

6. training effectivness

Test the effectiveness of your cybsecurity training programs through social engineering exercises, phishing campaigns and password spraying attacks.

7. detection & monitoring

Assess your company detection and monitoring capabilities through simulated cybsecurity attacks against your infrastructure.

packages

Free

Supply Chain Mapping	✅
Shadow IT Discovery	✅
Encryption Review	✅
PDF Report	✅
Data Leaks Investigation	❌
Authentication Checks	❌
Training Effectiveness	❌
Simulated Attacks	❌
Recommendations	❌
Results Presentation	❌
Top Level Domains	1
IP addresses	10

For companies with less than 10 employees or as a preliminary assessment

0 €

Basic

Supply Chain Mapping	✅
Shadow IT Discovery	✅
Encryption Review	✅
PDF Report	✅
Data Leaks Investigation	✅
Authentication Checks	✅
Training Effectiveness	❌
Simulated Attacks	❌
Recommendations	❌
Results Presentation	❌
Top Level Domains	10
IP addresses	100

For companies with 10-50 employees categorized as “Important Entities (IE)”

1,399 €

premium

Supply Chain Mapping	✅
Shadow IT Discovery	✅
Encryption Review	✅
PDF Report	✅
Data Leaks Investigation	✅
Authentication Checks	✅
Training Effectiveness	✅
Simulated Attacks	✅
Recommendations	✅
Results Presentation	✅
Top Level Domains	25
IP addresses	500

For companies with 50-250 employees categorized as “Essential Entities (IE)”

3,999 €

Order now

Go back

Your message has been sent

Certifications

CRTP – Assess security of an Enterprise Active Directory environment.

OSCP – Demonstrated ability to identify vulnerabilities and execute organized attacks under tight time constraints.

CARTP – Understand and assess security of an Azure environments.

Practical Web Application Security and Testing – Uncovering OWASP Top 10 vulnerabilities using the techniques

Cyber Threat Intelligence – Threat actors, intelligence lifecycle and ethical considerations

Our consultants are part Synack Red Team alongside over 1,500 of the world’s most skilled and trusted security researchers