Abstract
The NIS 2 Directive (2022/2555) of the European Union (EU) identifies the cybersecurity risk management requirements for essential and important entities in EU member states. The principal question we address is, how effective are the cybersecurity risk management measures of the NIS 2 Directive against cyberattacks on essential and important entities in EU member states? It was observed, through statutory interpretation and cyber kill chain model analysis, that the cybersecurity risk management measures of the NIS 2 Directive may be significantly limited in their effectiveness against cyberattacks on essential and important entities in EU member states. The limited effectiveness is primarily due to the narrow scope of the cybersecurity risk management measures, including the lack of specific measures focused on the reconnaissance phase of a cyberattack.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
