NIS2 requires a CSIRT contact point: what it means
The NIS2 Directive introduces strict requirements for cyber incident management. Every organisation within scope must designate a contact point with the national CSIRT (Computer Security Incident Response Team) — in Italy, this is CSIRT Italia at the ACN (Italian National Cybersecurity Agency).
In the event of a significant incident, the organisation must submit a pre-notification within 24 hours of discovery, a formal notification within 72 hours with technical details, and a complete final report within one month. These deadlines are non-negotiable, and failure to comply exposes the organisation to fines of up to €10 million or 2% of global turnover.
Why SMEs cannot do it alone
According to the Cyber Index PMI 2026, only 16% of Italian SMEs have an adequate security posture. For the vast majority of small and medium-sized enterprises, meeting NIS2 obligations with internal resources alone is simply unrealistic:
- Lack of specialised internal expertise: incident management requires analysts with experience in forensics, triage and communication with authorities.
- High cost of a dedicated 24/7 CSIRT team: maintaining a round-the-clock internal team with the required skills is unsustainable for most SMEs.
- Tight notification deadlines (24h/72h) hard to meet without structure: without proven processes and proper tooling, meeting NIS2 deadlines becomes a real risk.
- Fines of up to €10M or 2% of turnover: NIS2 penalties are proportional to revenue and can have a devastating impact on a mid-sized organisation.
What the outsourced CSIRT service includes
Our outsourced CSIRT service is designed to give SMEs everything they need to comply with NIS2, without building an in-house team:
1. Dedicated contact point: a single point of contact with CSIRT Italia and the ACN, familiar with your infrastructure and managing all communications with authorities.
2. Notification management: pre-notification within 24h, formal notification within 72h and final report within 1 month, with structured and tested processes.
3. Monitoring and triage: continuous threat detection with EDR and XDR solutions to identify and classify incidents in real time.
4. Operational coordination: managing the full incident lifecycle, from containment to recovery, in coordination with your IT team.
5. Audit-ready documentation: production of all documentation needed to demonstrate compliance in the event of an ACN audit.
A certified local partner
AtWorkStudio has been operating from Piacenza since 2000. We hold ISO/IEC 27001, 27017, 27018 and ISO 9001 certifications, with ACN qualification for cloud services. We are members of Clusit (Italian Association for Information Security) and affiliated with Confindustria Piacenza in the RICT cluster.
Our outsourced CSIRT service is built on hands-on experience with SMEs: we understand their dynamics, constraints and priorities — helping businesses stay secure and compliant without disrupting daily operations.