Interview With Mark Reich, Chief Revenue Officer (CRO) at Lawpilots, About NIS2.

Dear Mark Reich, what should be the first thing companies should do to prepare for the NIS2 Directive?

To prepare for the NIS2 Directive, companies should first conduct a thorough risk analysis. The aim is to find out which business processes and IT systems are affected by the directive. After that, you should take a look at the current security infrastructure. In this way, weak points can be identified and addressed in a targeted manner.

It is also very important to promote a strong safety culture. Everyone in the company should have a common understanding of cybersecurity – this is the only way to be protected in the long term. It would also make sense to put together an interdisciplinary team. This team should include both IT security and legal experts in order to have a good understanding of the technical and legal requirements of the directive and to implement them in practice.

To meet the NIS2 requirements, companies can set up an information security management system, i.e. an ISMS. This is a systematic approach to managing and securing information. An ISMS ensures that sensitive data is protected and that the right processes are running.

To ensure that employees are well prepared for the challenges of information security, we offer a special ISMS training course in which employees learn why an ISMS is important and how they can use it effectively in their everyday work.

What role do employees play in the implementation of the NIS2 Directive and why is their involvement so important?

Employee involvement is really crucial when it comes to implementing the NIS2 policy. After all, they work with sensitive data and IT systems on a daily basis, and their behavior has a direct impact on the security of the company. That’s why it’s so important that they are well trained and know what NIS2 is all about. Only if everyone in the company is aware of IT security and cyber risks can the required standards really be met.

Our IT security training courses help to convey the topic in an understandable and practical way so that employees are always up to date on cyber security.

Why is it necessary to train employees specifically for NIS2 implementation, and what are the risks if this does not happen?

It’s important to train employees specifically for the NIS2 policy because cybersecurity requirements are quite specific. Without the appropriate knowledge, it is almost impossible to implement these requirements correctly. If employees aren’t trained, there are many risks: data breaches, accidental breaches, or even security incidents.

If they don’t understand the NIS2 requirements properly, security gaps can be inadvertently created, making the company more vulnerable to cyber attacks. This can then also have legal consequences and lead to high financial losses.

lawpilots has developed a new microlearning system for NIS2 implementation. What is the approach of this learning module and how does it differ from traditional training methods?

Our microlearning for NIS2 implementation is designed to convey the most important information in a short time. In just a few minutes, employees learn the basics: What is NIS2? Who is affected? Who is responsible? And what do companies have to do specifically to meet the requirements?

The big difference to traditional training is that microlearning is super compact. They are easy to integrate into everyday work and prepare employees in a practical way and without spending a lot of time to understand and implement the legal requirements.

What specific content does microlearning cover and how is it ensured that participants acquire the necessary knowledge effectively?

The microlearning for NIS2 implementation covers all the important content needed to understand and implement the directive. A large part is dedicated to the specific obligations: What do you have to do to comply with the directive? Who bears what responsibility? This includes things like risk management, security measures, and the obligation to report cyber incidents. The whole thing is supported by practical examples and scenarios so that employees can apply what they have learned directly to their everyday work.

To ensure that the knowledge really sticks, we rely on short, easy-to-understand learning units that can be easily integrated into everyday work. Interactive elements such as quizzes and exercises ensure that participants can consolidate their knowledge and implement it directly. This means that they are well prepared to reliably comply with the NIS2 specifications.

Can you give an example of how the knowledge imparted in microlearning can be applied in practice?

A practical example would be if you work in the IT department of a large company and notice suspicious network activity. Thanks to microlearning, you know how important it is to report such incidents immediately. This allows the incident to be contained quickly and further analyzed, for example, with the help of the implemented information security management system. In this way, you as an employee help to secure operations and ensure the cybersecurity of the company – in line with NIS2 requirements.

What are the advantages for companies that prepare their employees for the NIS2 Directive with the help of microlearning?

Companies that prepare their employees for the NIS2 directive with the help of our microlearning benefit in several areas.

First, the short and concise learning units make it easier for employees to quickly grasp and apply the knowledge. They can integrate the module into their daily work without losing much time.

Second, microlearning promotes an understanding of cybersecurity and the specific requirements of the NIS2 Directive. When employees know how important their role is, they also feel more involved in the company’s safety culture.

In addition, microlearning ensures that the information remains up-to-date and relevant. E-learning courses can be updated regularly to take account of new requirements or changes in legislation.

Overall, this means that companies are better prepared for security incidents.

are prepared and can implement NIS2 requirements more effectively, ultimately reducing the risk of data breaches and building customer trust.

How do you see the future development in terms of NIS2 compliance and the role of online training such as your microlearning?

I see the future development in terms of compliance with the NIS2 Directive as very positive, especially because awareness of cybersecurity is constantly growing. Companies are increasingly recognizing that the security of their data and systems is not just an IT matter, but that all employees have a role to play. The NIS2 Directive is considered an important framework for achieving a high level of safety.

E-learning plays a crucial role in this development. They offer a flexible and effective way to train employees quickly and in a targeted manner, can be easily integrated into everyday work and give employees the opportunity to access up-to-date knowledge at any time.

I think that we will rely even more on such formats in the future, because they not only impart knowledge, but also promote employee engagement. When training is interactive and hands-on, it helps to better understand the importance of NIS2 requirements and strengthens the overall safety culture in the company. Ultimately, such e-learning will be crucial to ensure compliance and increase the overall resilience of organizations in an increasingly complex IT landscape.

About Mark Reich:

Mark Reich is Chief Revenue Officer at lawpilots, with many years of experience in sales and customer support in both large and small technology companies.

Find out more about lawpilots in the Provider Directory.