The new cyber security regulation will affect thousands of companies in the Czech Republic

Cyber attacks around the world are increasing year after year. For example, the 2023 report of the National Cyber and Information Security Agency (NÚKIB) shows that the number of cyber incidents has doubled since last year. The new European directive NIS2, which will be transposed domestically in the new cyber security law, should improve the situation across the entire EU.

The law should theoretically come into force at the end of the summer; given that the draft is still with the Legislative Council of the Government, it can be expected to be decided soon. However, according to the experts who discussed the NIS2 directive at an expert meeting of the Ekonom weekly, companies that will be affected by the new regulation should not ignore the rules and should start preparing immediately.

Economic Debate

The debate on the NIS2 directive was attended by (from left): the founder of the Legitas law firm Peter Stupkov, advisor for cyber security at the ANECT company Ivan Svoboda, partner of the BDO Czech Republic company responsible for the field of technological consulting and cyber security Tom Kubek, and senior cyber security specialist at ATS-TELCOM PRAGUE Vladimir Kadra. The debate was moderated by the editor of Ekonom Peter Kain.

What will NIS2 actually mean for the companies themselves? First, they will have to develop detailed risk analyses and consider cyber security throughout the supply chain. Additionally, there will be, among other things, regular training of employees and rapid reporting of security incidents, including at the European level. A new feature is the need to use the European cyber security product certification system. Non-compliance with NIS2 carries the threat of fines in the millions and penalties for top management.

A fine is a valid motivation

According to Ivan Svoboda, an adviser for cyber security at the Anect company, the threat of fines should definitely not be the right motivating factor for any cyber security officer. "Forget the sanctions. A much more serious threat is that your company will be attacked by a hacker. The costs there are much greater," says Svoboda. According to him, the hacker's demands usually amount to more than ten percent of the company's turnover. "I agree that this costs the company a percentage of its turnover, but that is only one of the consequences connected with the attack. It may happen that some of your services will not work for a week, a month or even half a year because of the hack. That's where your investments of several hundred million go," Svoboda explains.

The NIS2 Directive not only introduces new rules, it also widens the range of companies that will be affected. According to Tom Kubek, a partner of the BDO Czech Republic company responsible for the field of cybersecurity technology consulting, it is not yet clear how many companies will be affected by the new cybersecurity law. The reason is simple: the law is still with the Legislative Council of the Government, and it is possible that some of its parameters will change.

Due to a hacker attack, many of your services may not work for half a year. Then your investment will cost several hundred million.

At a minimum, the law should affect about six to seven thousand companies, but depending on how the parameters change, the figure could be around 10 to 12 thousand companies. In any case, this will mean that a number of companies will have to deal with cyber security. with a village of approximately ten people.

According to Vladimir Kadra, senior cyber security specialist at ATS-Telecom Prague, companies affected by NIS2 and the cyber security law will fall under one of two regimes of obligations. "Both regimes are fairly strict. In this respect, the obligations regarding documentation or technical measures are set rather broadly. You have to take these obligations as the minimum that the company must meet," says Kadra.

According to the debaters, companies' readiness for the new regulation varies. While large companies, such as banks, have had cyber security in place for a long time, other medium-sized companies are still developing it. "It is true that the regulation applies to me, but I'll wait and see what happens," says Kadra.

According to Petra Stupkov, the founder of the Legitas law firm, however, companies that have the slightest feeling that they might fall under the obligations should quickly prepare for the new liability rules. According to Stupkov, a problem could arise with filling the new mandatory job positions related to cyber security. Not only the country, but the entire country will not have enough qualified labor force for them. "The work will be outsourced, but companies should look for someone who could take care of it," says Stupkov.

Not just your own security

A significant issue for a number of companies is the fact that NIS2 deepens the obligation to secure the supply chain. In other words, companies should cooperate only with suppliers who meet the given criteria. "On the one hand, companies have to analyze the risk of a certain supplier going out of business as a result of cyberattacks. They also have to analyze how reliable their supplier is, in case a hacker gets into their own company through it," says Svoboda.

However, an open question is how these suppliers will be audited. "My customer is precisely such a supplier to a number of entities that fall under the scope of the obligations, and they have written to him that they will start auditing him. But how will it go? Will all these customers send their own audit teams to the company? That's unimaginable," says Kubek.

In any case, companies should already be testing today how well they are able to cope with a possible cyber attack. This is, of course, because we do not have a lot of information about cyber security. "A hacker will not really ask you about that," he says. According to Tom Kubek, companies should therefore undergo an external vulnerability test and let independent experts test what would happen if a hacker really targeted them. "When you have a factory, you fence it too, build a gatehouse and decide who you let in. When business takes place in cyberspace today, you have to do something similar there," says Kubek.

As Stupkov advises, every company should realize that cyber security is not a one-off exercise that can be ticked off by a certain date, after which you can put your feet up. "It is a way of life that you must start soon," says Stupkov.