Beware of personal liability in cybersecurity

The Cyber Security Council (CSR) is warning Dutch companies to keep up with the latest technological developments that could pose a threat. These include artificial intelligence (AI) and large-scale digital attacks.

NIS2 directive

The National Cyber Security Centre (NCSC) cites COVID-19 and the war in Ukraine as societal developments that have created an increasing demand for improved cybersecurity. In response, a new European regulation – the NIS2 Directive – has emerged.

The NIS2 (Network and Information Security directive) aims to increase the security of the digital world and limit the impact of cyber attacks within the European Union. The new rules will take effect from 2025.

Important for entrepreneurs

The impact on Dutch companies is significant. Drivers are required by the directive to meet their responsibilities. Ignoring the directive can lead to serious personal culpability, which can increase personal liability. This applies even to supervisory directors. In principle, a negligent company receives a maximum fine of 2% of annual turnover. If there is subsequently no improvement in cybersecurity policies, this can result in personal liability for a director. The new rules will apply to all companies in specific sectors with at least 50 employees and at least €10m in turnover. Companies must investigate for themselves whether they are covered or not.

Handle cyber security policy

According to the CSR, cybersecurity in the Netherlands is of great importance because we are a very digitised country. To manage these risks, it is important that companies implement strict policies and procedures to ensure the security of their digital assets. It is important to be aware of the latest threats and how to recognise them, as well as using advanced technological solutions such as firewalls, anti-virus software and encryption protocols.

In addition, a proactive approach to monitoring and updating systems is crucial to identify and address potential vulnerabilities before they are exploited.

Entrepreneurs should also ensure a culture of security in the workplace, emphasising the importance of adhering to security protocols and reporting suspicious activity. By adopting a layered approach and continuously updating cybersecurity strategies, entrepreneurs can effectively minimise risks and maintain the integrity of their business operations.

Conclusion

It is important that enterprises adopt robust cyber security policies, including strict policies, advanced technological solutions and a proactive approach to monitoring and updating systems. The implementation of the new European NIS2 directive highlights the importance of these measures, especially for directors, who can be held personally liable in case of negligence.

Questions?

Do you have questions about directors’ liability, your cybersecurity policy or any other question? Then contact one of our lawyers by email, phone or fill in the contact form for a no-obligation initial consultation. We will be happy to think along with you.