The NIS 2 Directive has issued a significant warning to companies within the European Union: the personal liability of directors for lack of compliance is now a critical issue that cannot be ignored.
As the risk of a cyberattack grows, it is pivotal to consider whether the directors of a company hit by a ransomware attack, for example, can bear any liability for negligence in failing to take steps to limit the risk.
