Cyber Threats and Their Management – How Secapp Supports Preparedness, Response and Continuity

The NIS2 Directive gives an opportunity to strengthen your organization’s preparedness for cyber threats and improve continuity management. Its aim is to raise the overall level of cybersecurity across European organizations. The directive applies to organizations operating in certain critical sectors of society, but its content also offers useful guidance for other organizations.

The directive sets out minimum measures that organizations must implement in order to prepare for and manage cybersecurity risks.

Secapp supports compliance with the directive by providing comprehensive tools for preparedness, incident management, and rapid response. It is a system independent of the organization’s own IT infrastructure, helping ensure continuity even in crisis situations.

The cybersecurity risk management framework and the related management measures must take into account and keep up to date at least the ten key areas listed in Article 21 of the NIS2 Directive. Secapp helps address 6 out of these 10 management measures:

1. Policies on risk analysis and information system security
2. Incident handling; S
3. Business continuity management, such as backup management and recovery planning, as well as crisis management; S
4. Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers; S
5. Security in the acquisition, development, and maintenance of network and information systems, including vulnerability handling and disclosure; S
6. Policies and procedures to assess the effectiveness of cybersecurity risk management measures
7. Basic cyber hygiene practices and cybersecurity training
8. Policies and procedures regarding the use of cryptography and, where appropriate, encryption
9. Human resources security, access control policies, and asset management; S
10. Where appropriate, the use of multi-factor authentication or continuous authentication solutions, secure voice, video, and text communications, and secure emergency communication systems within the entity; S

In addition, the NIS2 Directive introduces an obligation to notify authorities and stakeholders of certain types of serious incidents. This reporting obligation has three stages:

• the entity must submit an initial notification to the supervisory authority within 24 hours of becoming aware of the incident,
• a follow-up notification within 72 hours,
• and a final report once the incident has been resolved.

Actions carried out in Secapp are automatically recorded in the system, creating a clear incident log that can be exported when needed. This helps organisations collect and structure the information often required in incident follow-up and in preparing reports for authorities and other stakeholders.

Preparedness and anticipation are the best ways to manage risks. A common challenge for organizations is that operating models for exceptional situations are not widely known or have not been tested in practice.

In most organizations, people are not simply waiting for disruptions to happen, ready to respond at a moment’s notice. They also have other responsibilities as part of their day-to-day work. When something unexpected happens, it interrupts the normal flow of work and increases stress levels. In these situations, it is important that operating models are in place and that people are familiar with them in advance. Confidence in familiar procedures brings a sense of security, even in situations that may feel chaotic.

With Secapp, you can prepare for different exceptional situations by creating message templates in advance and targeting them to the right individuals or groups. Within the system, you can select the alert level of a message and attach a task list to support the resolution of the situation.

By integrating Secapp with other systems, you can ensure that alerts always reach the right people and that communication runs smoothly in critical situations. This helps employees act correctly even when stress levels rise.

Secapp also supports training for a wide range of scenarios, from tabletop exercises to major emergency drills.

Read also: Practice Makes Perfect – The Port of Helsinki Safety Exercise

During a cyber incident, maintaining continuity often depends on whether the organization can still reach its people, coordinate actions and keep decision-makers informed while the primary IT environment is disrupted.

This is one of the areas where Secapp delivers clear operational value.

In 2022, Central Uusimaa Municipal Education Association (Keuda) in Finland was targeted by a severe cyberattack that shut down its entire IT environment for nearly a month. As an immediate consequence of the attack and as a precautionary measure, Keuda disconnected all of the organization’s network and server connections. During the first days of the incident, Keuda communicated with its personnel exclusively through Secapp.

A backup channel for communication and coordination during disruption

Secapp operates separately from the organization’s own core IT environment, helping support continuity in situations where internal systems are unavailable or access to them is restricted. This allows organizations to continue alerting personnel, sharing instructions, coordinating actions and maintaining a common operational picture even during significant disruption.

When an organization faces a security incident such as a data breach, one of the biggest challenges is reaching key personnel quickly, regardless of the time of day. Attacks are often timed for moments when the target organization’s personnel are least likely to be at work. With Secapp, critical messages can be sent within seconds to the entire workforce, selected key personnel or specific stakeholder groups. Messages can be delivered through multiple channels, including the app, SMS, email and automated voice calls, helping improve reach. With Secapp, critical messages are always noticed, as the system’s highest alert level bypasses the silent mode settings of mobile devices. This helps incident leaders and response teams mobilize quickly and focus on investigation, containment and recovery with less delay.

Secapp’s capabilities go beyond sending a high-priority alert. Real-time acknowledgements (OK/NOK), task management and status updates help organizations understand who is responding, what actions are underway and what still needs attention. This supports fact-based decision-making and a continuously updated situational picture. Messages can include practical response content such as instructions, attachments, chat, or a video meeting link. When primary communication systems are disrupted, Secapp’s secure voice, video and text communication features provide a reliable backup channel for coordinating daily work and recovery actions.

Secapp also supports structured incident response and documentation. Checklists, digital forms and automatically logged actions help organizations manage incidents consistently, maintain a clear situation log and compile the information needed for reporting, post-incident review and compliance-related follow-up.

Read more: Secapp Improves Your Organization’s IT Wellbeing

Cyber resilience is not built on technical controls alone. It also depends on whether an organization can communicate clearly, coordinate quickly and document actions reliably when disruption occurs.

That is where Secapp brings practical value.

Secapp helps organizations prepare for incidents in advance, activate response quickly, maintain situational awareness, coordinate across teams and organizations, and create the documentation needed for follow-up. Instead of treating alerting, coordination and reporting as separate tasks, Secapp brings them together in one operational workflow.

For organizations strengthening preparedness under NIS2 and beyond, this means more than compliance support. It means better readiness, faster response and stronger continuity when every second matters.

Read more: How Secapp supports coordination between organizations