NIS2 Reshapes European Cybersecurity Strategies
The EU's Network and Information Security Directive (NIS2) is reshaping cybersecurity strategies across Europe. With an estimated 150,000 large and medium-sized companies in scope, businesses are allocating substantial resources to meet its requirements.
NIS2 covers critical areas such as incident response, supply chain security, data security, and training. The directive has prompted 95% of applicable firms to divert funds to ensure compliance. In the EMEA region, 34% of businesses have tapped into their risk management budgets for NIS2 compliance, while 80% have allocated a significant portion of their IT budgets to cybersecurity and compliance.
Applicable businesses are taking concrete steps to comply, including IT audits, reviewing cybersecurity processes, and investing in new technology. However, meeting NIS2 requirements has led to budget cuts in other areas for some organisations, with 40% facing decreased IT budgets since the political agreement for NIS2. Budget constraints are a significant barrier for 20% of IT leaders, but 68% of firms have received additional budget for NIS2 compliance.
NIS2's impact on European businesses is substantial, with companies prioritising compliance despite budget challenges. While some struggle with funding, many have secured additional resources to meet the directive's requirements, demonstrating a commitment to enhanced cybersecurity.
