Agencja Unii Europejskiej ds. Cyberbezpieczeństwa, Dobre praktyki w zakresie cyberbezpieczeństwa łańcucha dostaw

JUNE 2023

GOOD PRACTICES FOR SUPPLY CHAIN CYBERSECURITY

EXECUTIVE SUMMARY

Directive (EU) 2022/2555 (the NIS2 directive) requires Member States to ensure that essential and important entities take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems, which those entities use in the provision of their services. Supply chain cybersecurity is considered an integral part of the cybersecurity risk management measures under Article 21(2) of the NIS2 directive.

The report provides an overview of the current supply chain cybersecurity practices followed by essential and important entities in the EU, based on the results of a 2022 ENISA study which focused on investments of cybersecurity budgets among organisations in the EU.

Among the findings the following points are observed.