Nis 2, Also Known as the Cybersecurity Act, Will Have a Significant Impact on (IT) Recruitment

IT security and cyber specialists, as well as the AIVD and MIVD, have warned for some time that a third world war is already being waged in ‘cyberspace’. As the Russian threat becomes more serious, the importance of NIS 2 increases even further. For recruitment, this means an additional skill to look for and hire for, as well as adjustments to recruitment and screening processes. Given the recent recruitment security issues at the Tax Administration, Schiphol, and prison transport, there is much work to be done for Dutch and European recruitment leaders.

Geert-Jan Waasdorp on June 24, 2024 Average reading time: 4 min
Share this article:
Nis 2, Also Known as the Cybersecurity Act, Will Have a Significant Impact on (IT) Recruitment

What is NIS2?

NIS2, formally known as Directive (EU) 2022/0857 and referred to as the Cybersecurity Act in the Netherlands, entails measures to ensure a high cybersecurity standard across the European Union. The objective of this law is to strengthen cybersecurity in all member states. Unlike previous legislation (NIS1), NIS2 covers a broader range of sectors and organisations, meaning that more entities must comply with cybersecurity requirements.

To determine whether your organisation must comply with NIS2, you can complete the NIS2 self-assessment NL. However, it is safe to say that any organisation in the Netherlands with more than 250 employees and those vital to Dutch society and the economy will fall under this directive. In short, it would be unusual for a Dutch company with a recruitment department not to be affected by this.

NIS2 implies that organisations must implement stricter security measures to protect their network and information systems. These measures include technical security controls, awareness programs, and incident reporting. Additionally, there will be an increased focus on the supply chain, meaning staffing agencies and brokers must demonstrate that they are attentive to all new and additional cybersecurity requirements.

A New Hot Skill and Target Audience

With the advent of the new cybersecurity act, the demand for knowledge of the NIS2 skill will increase significantly (see the explosive growth in the number of job vacancies mentioning NIS2).

The roles include:

  • Cyber Security Engineer
  • IT Security Consultant
  • Security Analyst
  • Head of Information Management
  • Security Officer
  • ICT Security Coordinator
  • Risk Manager

This is a growing market and opportunity for recruiters and recruitment agencies. At the same time, it is also a domain where recruiters need to know much more because they are the ‘gatekeepers’ in attracting these individuals. Moreover, they also play a crucial role in keeping out cyber criminals, infiltrators, moles, and individuals with high-integrity risks. Recruiters themselves will also need to pass such tests. Besides signing the recruiter code and completing recruitment training, a Certificate of Good Conduct and screening of recruiters and those in the supply chain will increasingly become required. This creates an initial shift at the gate but will only be partially watertight.

Consequences of NIS2 for Candidate Screening and Recruitment Processes

In addition to training, educating, and monitoring their employees on cybersecurity awareness, everyone involved must be much more aware of cybersecurity threats. For recruiters, NIS2 entails:

  • Stricter Background Checks and Antecedent Investigations: Recruiters must conduct rigorous background checks to ensure candidates do not have a criminal record related to cyber-related crimes.
  • Verification of Cybersecurity Background: A candidate’s cybersecurity background, including education, work experience, and certifications, must be verified.
  • Increased Focus on Cybersecurity Awareness in Interviews: Recruiters must ask more questions about candidates’ cybersecurity awareness and how they handle cyber threats.
  • Training on NIS2 Guidelines: All staff involved in the recruitment process must be trained in NIS2 guidelines and how to adhere to them.

Furthermore, recruiters must ensure that all IT systems used during the recruitment process are secure and comply with NIS2 requirements for their IT systems and partners. This is essential to protecting candidates’ privacy and ensuring their data is securely stored and processed.

NIS2 represents a significant shift in how cybersecurity is integrated into recruitment practices. It demands more diligence and expertise from recruiters to safeguard against cybercriminals, infiltrators, and individuals with high integrity risks. As recruiters navigate these new requirements, ensuring compliance will strengthen their cybersecurity posture and enhance trust with candidates and clients.

Implications of NIS2 for Recruitment

The high demand for cyber and risk specialists will see explosive growth, leading to significant scarcity and an increase in salaries, the number of freelancers, and their hourly rates. This scarcity and the necessary screening and controls will result in longer recruitment processes and higher costs.

Everyone reading this already knew that recruitment was a severe profession. However, with the surge in fraud surrounding recruitment and now with NIS2, it is clear to everyone that professional recruitment and a robust recruitment process are crucial for keeping out individuals who jeopardise business and societal continuity, especially those who may interact with vital systems or sensitive data. Therefore, it is essential for recruitment professionals to carefully consider the specific impact of NIS2 on hiring, candidate screening, and recruitment processes, as this will vary by organisation. It depends on the sector they operate in, the scale of their IT infrastructure, and the number of cybersecurity professionals they require. Ultimately, this threat presents a significant opportunity for the profession.

Where to Start?

Are you looking to gain more insight into ensuring security in hiring and recruitment? The Masterclass on Integrity, Security, and Risk Management in Recruitment and Hiring provides in-depth knowledge and practical skills. Learn more about the masterclass by clicking the button below:

Yes, I would like to learn more
Share this article:
Geert-Jan Waasdorp

Geert-Jan Waasdorp

Entrepreneur and Investor at Intelligence Group, Academie voor Arbeidsmarktcommunicatie, Werf&, Arbeidsmarktkansen, Recruitment Accelerator en Recruiteverywhere.com
Geert-Jan Waasdorp has been active in the world of job market communication and recruitment since 1999. He started his journey as an analyst, and grow into an entrepreneur, business owner, investor and innovator. Waasdorp is a guest speaker, blogger and author of several books on recruitment and employer branding.
Watch full profile

Premium partners View all partners

Intelligence Group
Ravecruitment
RecruitAgent
Recruitment Tech
Timetohire
Werf&

Read the newsletter about total talent acquisition.