Personal Liability in Leadership Positions: The Impact of the NIS2 Directive

The introduction of the NIS2 Directive brings significant changes in the areas of security and compliance, forcing companies to rethink their existing security strategies. A central aspect of the new regulation is the expanded liability of corporate bodies, namely managing directors and board members. They can now be held accountable for shortcomings in cybersecurity. This significantly increases the personal responsibility of the leadership for a company’s IT security posture.

A common misconception in this context is that certifications, such as ISO 27001, protect against this liability. Companies often rely on such standards, assuming that fulfilling the associated requirements is sufficient to eliminate liability risks. However, this is a misunderstanding. Certifications and measures like implementing an Information Security Management System (ISMS) are merely tools within risk management. While they reduce the risk of security incidents, they can never completely eliminate it—and therefore not the personal liability either.

As is generally true in risk management, preventive measures can minimize risk but never completely eliminate it. The liability of corporate bodies remains, even if a company is certified or has implemented an ISMS. Management remains responsible for taking appropriate measures to mitigate risks and for ensuring continuous improvement of security standards.

Companies should not be lulled into a false sense of security but should recognize that security and compliance are ongoing tasks, with personal liability of the leadership being an integral part. The introduction of the NIS2 Directive now makes this responsibility even clearer.

💡 Note for Swiss Companies

While the NIS2 Directive is EU legislation, it can also be relevant for Swiss companies, especially in supplier management or for locations within the EU where compliance is required.

🔐 DATAPROTECT AG
Simply secure.