Many companies today invest significant resources to secure their internal IT. Firewalls, monitoring, incident response plans, and awareness programs are well-established. At the same time, a dangerous illusion is growing: the assumption that risks can be controlled within the boundaries of one’s own system. The reality is quite different. Modern business models are virtually inconceivable without external IT service providers, cloud services, software vendors, and specialized subcontractors. This is precisely where the greatest uncertainties arise. NIS2 addresses this development and clarifies that cybersecurity doesn’t end at the company’s own firewall. The guideline compels companies to r...