Gilad Zahavi , VP Threat Intelligence
June 30, 2024

The NIS2 Directive and Threat Intelligence: Are You Compliant?

What is NIS2?

In the past year, there were 343 million victims of cybercrime worldwide, and ransomware attack victims rose by a staggering 128% between 2022 and 2023.1 Industries such as technology, government, finance, healthcare, and telecom were among the most targeted in the past year, with 50% of attacks driven by financial motives.2 Cyber attacks are not only escalating rapidly and becoming one of the top crimes committed globally, but are also growing in their magnitude, expense and complexity. The digital landscape is evolving quickly, and with it, the nature of cyber threats. In response, the European Union has introduced the NIS2 Directive, a comprehensive cybersecurity legislation that aims to bolster the resilience of essential services against cyber threats. This directive has significant implications for threat intelligence operations across, and even outside of, the EU.

Let’s delve into what NIS2 entails and what this means for threat intelligence at the organizational and national level.

What is NIS2?

NIS2 is the revised version of the original Network and Information Systems (NIS) Directive. It addresses the limitations of the previous directive by introducing consistent cybersecurity standards and practices across EU member states. The directive is designed to achieve a standardized, high level of cybersecurity and includes legally binding security requirements for a broad range of sectors.

The NIS2 Directive went into effect in January 2023, setting a deadline of October 2024 for EU member states to align their local legislation. Read on to find out whether NIS2 applies to your organization and learn how to prepare for compliance requirements in order to execute a smooth transition and avoid penalties.

What’s New in NIS2?

According to the NIS2 Directive, relevant organizations must adopt robust security protocols for their networks and information systems. This includes deploying anti-malware tools, implementing multi-factor authentication (MFA), utilizing encryption technologies and establishing access control mechanisms. These proactive security steps are essential in mitigating organizational risk and serve as a primary barrier against cyber threats, such as ransomware.

  • Obligation of incident disclosure: The NIS2 Directive requires organizations to promptly report any security breaches to relevant national authorities. This facilitates a unified approach among EU states in combatting widespread cyber threats.
  • Strategic cybersecurity frameworks: Each EU member state must create a comprehensive strategy for safeguarding network and information systems. This includes defining strategic objectives, as well as appropriate policy and regulatory actions.
  • Formation of CSIRTs: Member states must establish computer security incident response teams (CSIRTs). These teams are responsible for managing security incidents, exchanging vital information with other states and issuing early warnings about emerging cyber threats. The CSIRTs form part of an extensive network that fosters collaboration among national teams and external partners.
  • Higher stakes for non-compliance: Organizations that do not comply with NIS2 are subject to fines of up to €10 million or 2% of the organization’s annual worldwide turnover, whichever is greater.
  • Information and communication technology (ICT) supply chains and supplier security: Organizations are required to address cybersecurity threats within their ICT supply chains and supplier networks. While NIS2 may not directly govern certain suppliers, those providing products and/or services to regulated entities must still comply with the cybersecurity standards of NIS2. Member states, alongside the European Commission and the European Union Agency for Cybersecurity (ENISA), may perform security evaluations of critical supply chains across the EU.

Is Your Company Affected?

The NIS2 Directive applies to public and private entities involved in critical services or infrastructure, specifically those classified as medium or large enterprises, which operate within the EU. This includes companies in industries such as telecom and government, which are among the sectors most targeted by cyber attacks. Some entities will be subject to regulations regardless of their size, and member states may include additional entities under the NIS2 umbrella. The directive also applies to the supply chains of regulated entities.

Use the diagram below to understand if and how NIS2 applies to your organization:

NIS2 Directive entity criteria

Key Implications of NIS2 for Threat Intelligence

  1. Proactive security monitoring: NIS2 emphasizes proactive security monitoring. Threat intelligence teams will need to be vigilant and forward-thinking, using predictive analytics to anticipate and mitigate potential threats.
  2. Enhanced collaboration: NIS2 emphasizes the importance of collaboration in combating cyber threats. It establishes a framework for information sharing between EU Member States, allowing authorities to better understand the nature and scope of cyberattacks and coordinate their response.
  3. Stricter reporting requirements: Entities must submit an initial report or “early warning” to the national authority or CSIRT within 24 hours of becoming aware of a significant incident. Entities will need to take a more proactive approach to threat intelligence in order to comply with this tight timeline.
  4. Expanded scope of regulation: NIS2 includes more industries than past EU cybersecurity regulations and sets guidelines for medium- and large-sized companies, requiring a wider array of sectors and entities to adopt robust threat intelligence capabilities.
  5. Increased oversight and regulation: Regulators will have significant investigation and supervision powers, including on-site inspections. Organizations will be held to a higher standard of transparency and compliance with cybersecurity regulations.

How Does NIS2 Overlap with Other EU Policies?

The NIS2 Directive is a key component of the EU’s cybersecurity framework, which includes the Critical Entities Resilience (CER) Directive and the Digital Operational Resilience Act (DORA) for the financial sector. NIS2 includes industries regulated by both CER and DORA, ensuring that both physical and cyber resilience measures for critical entities are addressed in a comprehensive manner.  Entities marked as critical under the CER Directive are also bound by the cybersecurity requirements of NIS2, and the financial sector, which is regulated by DORA, is included in NIS2. Additionally, NIS2 promotes the exchange of information between national regulatory authorities responsible for the three regulations. This integrated approach harmonizes EU cybersecurity policies and ensures a resilient and collaborative defense against cyber threats.

How LUMINAR Can Help Your Organization Comply with NIS2

Cognyte’s LUMINAR threat intelligence solution empowers organizations with advanced threat intelligence capabilities necessary to ensure compliance with the requirements of NIS2.

LUMINAR is an AI-driven external threat intelligence software that enables security and risk management leaders to maintain visibility of their threat landscape and extract timely, accurate and actionable insights that can be applied before, during and after threats strike. LUMINAR provides SOC teams with targeted threat data and access to premium intelligence outputs, proven methodologies, and proprietary repositories, allowing them to respond faster and mitigate threats more effectively.

Here is how LUMINAR helps organizations comply with NIS2:

  • Early detection of cyber threats: LUMINAR’s ability to uncover threats early on is vital to implementing a proactive approach to cybersecurity. By providing extensive external visibility, LUMINAR empowers organizations with a deep understanding of potential adversaries’ activities, tools and plans, as well as identifying which of the organizations’ assets and resources are vulnerable, thus equipping them to preemptively counteract cyber threats.
  • Prioritization of threats: LUMINAR’S analytics-driven approach converts raw data into context-based, enriched, actionable intelligence. This enables organizations to proactively identify and prioritize threats effectively – a key aspect of the NIS2 Directive.
  • Comprehensive coverage and continuous monitoring: LUMINAR offers extensive coverage, monitoring threats across open, deep and dark web sites, as well as closed forums and messaging platforms. Its continuous live monitoring adapts to the evolving threat landscape, ensuring that SOCs can stay ahead of potential risks.
  • Advanced threat management: LUMINAR’s dedicated vulnerability intelligence module assists both in mitigating the risk of vulnerability exploitation and prioritizing the patching of high-profile vulnerabilities based on proprietary risk scoring of CVEs. The combination of both internal and external threat visibility provides a robust approach to threat intelligence, giving organizations timely, comprehensive, and targeted vulnerability intelligence, allowing them to mitigate and prevent threats as they develop. This aligns with the NIS2 Directive’s emphasis on a risk-based approach to cybersecurity.
threat intelligence solution vulnerability intelligence module

Vulnerability intelligence module

  • Augmented defense and risk mitigation: LUMINAR’s customized real-time dashboards and automated monitoring cover the full threat lifecycle and provide customer-tailored insights into attackers’ identities, motives and methods. This strengthens organizations’ overall security posture, which is crucial for NIS2 compliance.
  • External attack surface management: LUMINAR enables comprehensive monitoring and management of an organization’s entire external attack surface by identifying, classifying and monitoring the organization’s assets and ensuring that they are accounted for and protected, as well as continuously monitoring stolen access credentials marketplaces, ensuring that critical vulnerabilities can be swiftly addressed.
  • Automatic reporting: LUMINAR’s automatic reporting capability allows analysts to instantaneously create snapshot reports that can be swiftly and easily shared with stakeholders, making it easy to comply with the strict early reporting requirements of NIS2.


The NIS2 Directive marks a significant advancement in the EU’s commitment to bolstering cybersecurity. This directive, along with others like DORA and the CER Directive, signals a decisive move from voluntary to mandatory threat intelligence measures across critical sectors. Threat intelligence is no longer optional for critical entities, and has become a legal obligation, carrying stringent penalties for failure to comply. In response, organizations must adopt a proactive approach to meet regulatory requirements. Cognyte’s LUMINAR threat intelligence solution equips organizations with the tools to build a proactive cyber defense, ensuring that they not only comply with the NIS2 Directive but also enhance their overall resilience to cyber threats.

Click here to learn more about the LUMINAR threat intelligence solution



Let's Empower Decision Intelligence

Gilad Zahavi , VP Threat Intelligence

Gilad is a VP Threat Intelligence at Cognyte, leading the LUMINAR threat intelligence solution. Gilad has over 15 years of cyber security experience and is a leading expert in the threat intelligence domain. Prior to joining Cognyte, Gilad held executive positions at SenseCy Cyber Intelligence Ltd., which was one of the first global threat intelligence vendors. He holds an MA in Near & Middle Eastern Studies and a BA in Islamic Studies and Communications from Tel Aviv University.
See more from this author