Abstract:

The increasing digitalisation of the transport sector exposes organisations to growing cybersecurity threats. The NIS2 Directive establishes a set of cybersecurity risk management measures for essential and important entities, including the requirement to implement basic cyber hygiene practices and security training for personnel (European Union, 2022). This paper examines criterion 7 of Article 21 of the Directive, focusing on its application across different modes of transport, including rail, aviation, maritime, and road. By analysing regulatory guidance, sectoral reports, and academic studies, the paper highlights both common challenges and sector-specific approaches to human-centric cybersecurity. The findings demonstrate that cyber hygiene and training are fundamental to building cyber resilience, particularly in sectors where operational continuity is directly linked to safety.