Veeam Survey Shows 90% of EMEA Companies Experienced Cybersecurity Incidents That NIS2 Could Have Averted – Intelligent CISO

Navigating the NIS2 Compliance Landscape: Confidence vs. Reality

As the enforcement date for the Network and Information Security Directive 2022/2555 (NIS2) approaches, businesses across Europe find themselves in a complex emotional landscape. While approximately 80% of organizations express confidence in their ability to comply with NIS2, a staggering 66% anticipate missing the compliance deadline. This paradox raises critical questions about the state of cybersecurity preparedness in the European Union.

Understanding NIS2: A New Era of Cybersecurity Regulation

NIS2 is a significant regulatory framework designed to enhance cybersecurity across the EU by expanding its scope and increasing the rigor of security requirements. The directive aims to create a more resilient digital environment by mandating that organizations implement essential cybersecurity measures, including incident response plans, supply chain security, and vulnerability assessments. As the directive officially took effect on October 18, 2023, organizations are scrambling to align their practices with these new standards.

Survey Insights: Confidence Amidst Challenges

A recent survey commissioned by Veeam Software and conducted by Censuswide sheds light on the current state of NIS2 compliance among IT decision-makers in the EMEA region. The survey, which included over 500 respondents from Belgium, France, Germany, the Netherlands, and the UK, revealed that while nearly 80% of businesses are confident in their eventual compliance, two-thirds are likely to miss the immediate deadline.

Alarmingly, only 43% of respondents believe that NIS2 will significantly enhance EU cybersecurity, despite 90% reporting at least one security incident in the past year that could have been prevented by the directive. This disconnect between confidence and perceived effectiveness raises concerns about the overall impact of NIS2 on cybersecurity resilience.

Barriers to Compliance: A Multifaceted Challenge

Achieving compliance with NIS2 is no small feat. Organizations must navigate a myriad of challenges, including:

  • Technical Debt (24%): Many organizations are burdened by outdated systems and technologies that hinder their ability to implement new security measures.
  • Lack of Leadership Understanding (23%): A disconnect between IT teams and executive leadership can lead to insufficient prioritization of cybersecurity initiatives.
  • Insufficient Budget/Investments (21%): Despite the pressing need for enhanced cybersecurity, 40% of respondents reported decreased IT budgets since the political agreement for NIS2 was announced in January 2023.

These barriers are compounded by the perception that the consequences of non-compliance are not severe enough to warrant immediate action. A significant 42% of respondents view NIS2 as lacking in urgency, which contributes to a culture of apathy towards compliance.

Competitive Pressures and Cyber Threats

The slow pace of NIS2 adoption can also be attributed to the multitude of competing priorities that organizations face. Respondents ranked NIS2 lower in urgency than ten other pressing issues, including the skills gap, profitability, and digital transformation. This prioritization reflects a broader trend where cybersecurity initiatives are often sidelined in favor of immediate business objectives.

Despite these challenges, 74% of respondents view NIS2 as beneficial, although 57% doubt its potential to substantially improve the overall cybersecurity posture of the EU. Skepticism stems from concerns about the directive’s comprehensiveness, the belief that compliance does not guarantee security, and the overlap with existing regulations.

A Call to Action: Bridging the Compliance Gap

Andre Troskie, EMEA Field CISO at Veeam, emphasizes the importance of addressing these compliance challenges head-on. "NIS2 brings responsibility for cybersecurity beyond IT teams into the boardroom," he states. "While many businesses recognize the importance of this directive, the struggle to comply highlights significant systemic issues."

Troskie urges leadership teams to act swiftly to bridge the gaps in compliance. The rising frequency and severity of cyber threats underscore the urgency of enhancing organizational robustness and safeguarding critical data. Compliance with NIS2 should not be viewed merely as a regulatory obligation but as a crucial step toward building a more resilient digital infrastructure.

Conclusion: The Path Forward

As organizations navigate the complexities of NIS2 compliance, it is clear that confidence alone is not enough. The mixed emotions surrounding the directive reflect a broader challenge in the cybersecurity landscape. To truly enhance EU cybersecurity, businesses must prioritize compliance, address systemic barriers, and foster a culture of proactive cybersecurity awareness.

In this rapidly evolving digital age, the stakes are high. Organizations that fail to adapt may find themselves vulnerable to increasingly sophisticated cyber threats. The time to act is now—ensuring compliance with NIS2 is not just about meeting regulatory requirements; it is about safeguarding the future of business in an interconnected world.
