Ioan Exarch St. No. 13, Sofia, BG
+ 359 / 087 90 58310
office@cybernetics.bg
Cybernetics LTD
Cybernetics LTD

NIS 2 and management responsibility: what leadership should know

"Prevention is cheaper than a breach"

Промените в Закона за киберсигурност, свързани с NIS 2, обнародвани в Държавен вестник, бр. 17 от 13 февруари 2026 г., поставят по-ясен акцент върху ролята на управлението.  За съществените и важните субекти киберсигурността вече не е само техническа дейност, а част от управлението на риска в организацията.За съществените и важните субекти киберсигурността вече не е само техническа дейност, а част от управлението на риска в организацията. Законът предвижда управителните органи да одобряват мерките за управление на риска в областта на киберсигурността и да следят за тяхното прилагане. Това означава, че ръководството трябва да има достатъчна яснота какви мерки са въведени, как се изпълняват и дали отговарят на реалните рискове за дейността. Сред ключовите моменти, които засягат управлението, са:

1
Approval of risk management measures;
2
Monitoring their implementation;
3
Training of members of management bodies every two years;
4
Organizing training for employees;
5
Clear allocation of responsibilities;
6
Ability to demonstrate what actions have been taken
This change is important because, in the event of an inspection or incident, it is not enough for the organization to state that it has technical support. It must be able to demonstrate that the risk has been assessed, that measures have been adopted, and that they are being applied in practice. For many companies, this is where the first difficulties arise. Some measures exist but are not documented well enough. Others have been implemented only partially. In other cases, there is no clear connection between the risk, the responsibilities, and the actual actions taken. That is why the first practical step is an assessment of the current state: what measures the organization already has, which of them meet the requirements, where gaps exist, and what should be prioritized. This gives management a clear basis for decision-making instead of acting on assumptions. NIS 2 sets higher expectations for management not because managers are expected to be technical specialists, but because cyber risks are now part of the organization’s overall business risk.

Popular Posts

Глоби, срокове и реален риск: защо NIS 2 не е тема за „по-нататък“

Fines, deadlines and real risk: why NIS 2 is not a “later” topic

May 10, 2026
Надеждни решения по киберсигурност

Reliable Cybersecurity Solutions

May 10, 2026
Изисквания на NIS 2: кои мерки трябва да прегледат фирмите

NIS 2 requirements: which measures companies should review

May 10, 2026
NIS 2 и управленската отговорност: какво трябва да знае ръководството

NIS 2 and management responsibility: what leadership should know

May 7, 2026
Бизнес киберзащита 2025: Предизвикателството на Zero-Day уязвимостите

Business Cybersecurity 2025: The Challenge of Zero-Day Vulnerabilities

October 8, 2025
Най-новите Zero-Day уязвимости, които всяка организация трябва да познава

The Latest Zero-Day Vulnerabilities Every Organization Should Be Aware Of

October 8, 2025

Popular Tags

AI Threats Cloud Security Cyber Awareness Cybersecurity Data Protection Incident Response Network Defense Phishing Ransomware SOC Threat Detection Zero-Day
Scroll to top

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by