The European Union (EU) Network and Information Security Directive 2022/2555 which aims to strengthen cybersecurity, goes into effect on October 18 with administrative fines of up to EUR10 million or 2% of total annual worldwide turnover for those who fail to comply. A new survey from Censuswide, commissioned by Veeam® Software, the #1 market leader by market share in Data Resilience, revealed that only 43% of EMEA IT decision-makers believe NIS2 will significantly enhance EU cybersecurity. This is despite an overwhelming 90% of respondents reporting at least one security incident that the NIS2 directive could have prevented in the past 12 months. Alarmingly, 44% of respondents experienced more than three cyber incidents, with 65% of those categorized as “highly critical.”

Cyber Technology Insights: Insight Attains Premier Tier Status in AWS Partner Network

The survey results, which encompass the views of 500+ IT decision-makers from Belgium, France, Germany, the Netherlands, and the UK, revealed the state of play less than a month before this directive takes effect on Oct. 18. Although nearly 80% of businesses are confident in their ability to eventually comply with NIS2 guidelines, up to two-thirds state they will miss this imminent deadline.

“Tackling the growing volume and complexity of cyber threats will take a coordinated approach across government, industry, and business. The NIS2 directive will both help to prevent critical incidents and raise the importance of good preparation to the boardroom. NIS2 will also set the new standard baseline of compliance for all enterprises around the world as we continue to battle this era of continuous cyber threats with data resilience in order to keep businesses running and secure,” said Anand Eswaran, CEO at Veeam.

“While recognizing the importance of this directive, pressures of other business priorities along with IT challenges is hampering organizations’ ability to meet the October 18 deadline. Leaders in Europe will need to act swiftly to bridge these gaps and ensure compliance, not just for regulatory sake but to genuinely enhance organizational robustness and safeguard critical data,” Eswaran continued.

Barriers to NIS2 Compliance

Achieving NIS2 compliance requires businesses to implement essential measures, such as defining incident response plans, securing supply chains, assessing vulnerabilities, and evaluating overall security levels. This includes all affiliated organizations, partners, and supply chains. However, several barriers to compliance persist. Key challenges cited by IT decision-makers include technical debt (24%), lack of leadership understanding (23%), and insufficient budget/investments (21%). Notably, 40% of respondents reported decreased IT budgets since the political agreement for NIS2 was proclaimed effective in January 2023, despite its stringent penalties, which are comparable to those of the EU’s flagship data privacy legislation, the General Data Protection Regulation (GDPR). 63% of respondents view the GDPR as strict, and 62% express the same sentiment about NIS2.

Competitive Pressures Amid Cyberthreats

The slow pace of NIS2 adoption is likely due to the multitude of competing priorities and business pressures that face these organizations. Respondents rank NIS2 lower in urgency than ten other issues, including the skills gap, profitability, and digital transformation. Worryingly, 42% of respondents who consider NIS2 insignificant for EU cybersecurity improvements attribute this to inadequate consequences of non-compliance, which has led to widespread apathy towards the directive.

Additional key findings from the survey include:

  • 74% of respondents see NIS2 as beneficial, but 57% doubt it will have any substantial impact on overall EU cybersecurity posture.
  • Sceptics cite additional concerns such as NIS2’s lack of comprehensiveness (35%), belief that compliance doesn’t guarantee security (34%), and overlap with existing regulations (25%).
  • Other barriers include a lack of focus on NIS2 compliance (20%), tight timelines (19%), cybersecurity skills shortage (19%), directive complexity (19%), and organizational silos (19%).
  • Despite conflicting views, most respondents perceive NIS2 positively in the context of their organization’s regulatory obligations, feeling optimistic (33%), confident (32%), and encouraged (27%).

Cyber Technology Insights: CrowdStrike Expands Marketplace to Meet Demand for Cybersecurity

To share your insights, please write to us at news@intentamplify.com

Source – businesswire