NIS 2 Penetration Testing Providers
Network and Information Security Directive 2 · Europe
NIS 2 is the EU's updated cybersecurity directive that significantly expands the scope and requirements of the original NIS Directive. Effective from October 2024, NIS 2 applies to essential and important entities across 18 sectors and introduces stricter security requirements, incident reporting obligations, and supply chain security measures.
Article 21 requires entities to implement risk-based cybersecurity measures including vulnerability handling and disclosure, security testing, and security audits. NIS 2 explicitly recognises penetration testing as a key security measure and encourages regular testing of network and information systems.
The directive also introduces personal accountability for management bodies, making senior leadership directly responsible for approving and overseeing cybersecurity risk management measures. Non-compliance can result in fines of up to 10 million euros or 2% of global annual turnover for essential entities. Penetration testing helps organisations meet NIS 2 requirements by identifying vulnerabilities, testing incident response capabilities, and demonstrating a proactive approach to cybersecurity risk management.
SECFORCE
Leading UK offensive security consultancy based in Canary Wharf, delivering CREST-accredited penetration testing and adversary simulation to organisations with the most demanding security requirements.
NCC Group
Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services.
Nettitude
CREST, CHECK, and CBEST accredited UK consultancy within Lloyd's Register, delivering premium penetration testing for government and critical infrastructure.
Pen Test Partners
The UK's largest independent security testing firm, renowned for IoT/OT research, CBEST red teaming, and CHECK/CREST-accredited penetration testing across all sectors.
PwC Cyber Security
Global Big Four professional services firm delivering CREST, CHECK, and CBEST-accredited penetration testing and red teaming services from London, serving the UK's largest enterprises and regulated organisations.
Dionach
Global enterprise cybersecurity consultancy founded in 1999 in Oxford, holding rare CREST STAR-FS accreditation and delivering penetration testing, red and purple teaming, and PCI QSA services across five international offices.
MDSec
Elite UK offensive security consultancy specialising in CBEST/STAR/TIBER red teaming, advanced adversary simulation, and CREST-accredited penetration testing for FTSE 100 clients.
Aristi
CHECK and CREST-accredited Birmingham-based cyber security consultancy with over 15 years of experience delivering penetration testing, red teaming, and OT security assessments for government and private sector clients.
Bridewell
Fast-growing CREST and CHECK-accredited UK cybersecurity consultancy with deep expertise in critical national infrastructure sectors.
JUMPSEC
Full-service London-based cybersecurity consultancy with CREST, CHECK, and NCSC accreditations delivering offensive testing, managed detection, and strategic advisory services.
LRQA
The only organisation worldwide with a full suite of CREST accreditations. 250+ cybersecurity specialists operating in 55+ countries across pen testing, red teaming, and incident response.
Salus Cyber
Award-winning Cheltenham-based cybersecurity consultancy with NCSC CHECK Green Light status and CREST approval, specialising in defence, government, and critical national infrastructure security.
NIS 2 FAQs
Who does NIS 2 apply to?+
NIS 2 applies to essential entities (energy, transport, health, digital infrastructure, etc.) and important entities (manufacturing, food, chemicals, digital providers, etc.) with more than 50 employees or 10M EUR turnover.
What security testing does NIS 2 require?+
Article 21 requires risk-based cybersecurity measures including vulnerability handling, security testing, and cyber hygiene practices. Penetration testing is the primary method for meeting security testing requirements.
When does NIS 2 take effect?+
NIS 2 entered into force in January 2023 with EU member states required to transpose it into national law by October 2024. Most member states have implemented or are implementing national legislation.