What are you looking for ?
Advertise with us
RAIDON

Majority of Companies Will Miss Looming NIS2 Deadline

As per Censuswide survey commissioned by Veeam

  • New Veeam Software survey reveals approximately 80% of businesses are confident in adhering to NIS2, yet 66% will miss the compliance deadline once it goes into effect October 18
  • 90% of EMEA businesses faced cybersecurity incidents that NIS2 could have prevented
  • Companies could face hefty fines or even suspensions of service in the European Union under strict new cybersecurity regulations that may be seen as the new global standard

The European Union (EU) Network and Information Security Directive 2022/2555 (NIS2) which aims to strengthen cybersecurity, goes into effect on October 18 with administrative fines of up to €10 million or 2% of total annual WW turnover for those who fail to comply.

Majority Of Companies Will Miss Looming Nis2 Deadline

A new survey from Censuswide, commissioned by Veeam Software, Inc. revealed that only 43% of EMEA IT decision-makers believe NIS2 will enhance EU cybersecurity. This is despite an overwhelming 90% of respondents reporting at least one security incident that the NIS2 directive could have prevented in the past 12 months. Alarmingly, 44% of respondents experienced more than 3 cyber incidents, with 65% of those categorized as “highly critical.

The survey results, which encompass the views of 500+ IT decision-makers from Belgium, France, Germany, the Netherlands, and the UK, revealed the state of play less than a month before this directive takes effect on October 18. Although nearly 80% of businesses are confident in their ability to eventually comply with NIS2 guidelines, up to two-thirds state they will miss this imminent deadline.

Tackling the growing volume and complexity of cyber threats will take a coordinated approach across government, industry, and business. The NIS2 directive will both help to prevent critical incidents and raise the importance of good preparation to the boardroom. NIS2 will also set the new standard baseline of compliance for all enterprises around the world as we continue to battle this era of continuous cyber threats with data resilience in order to keep businesses running and secure,” said Anand Eswaran, CEO, Veeam. “While recognizing the importance of this directive, pressures of other business priorities along with IT challenges is hampering organizations’ ability to meet the October 18 deadline. Leaders in Europe will need to act swiftly to bridge these gaps and ensure compliance, not just for regulatory sake but to genuinely enhance organizational robustness and safeguard critical data.

Barriers to NIS2 Compliance
Achieving NIS2 compliance requires businesses to implement essential measures, such as defining incident response plans, securing supply chains, assessing vulnerabilities, and evaluating overall security levels. This includes all affiliated organizations, partners, and supply chains. However, several barriers to compliance persist. Key challenges cited by IT decision-makers include technical debt (24%), lack of leadership understanding (23%), and insufficient budget/investments (21%). Notably, 40% of respondents reported decreased IT budgets since the political agreement for NIS2 was proclaimed effective in January 2023, despite its stringent penalties, which are comparable to those of the EU’s flagship data privacy legislation, the General Data Protection Regulation (GDPR). 63% of respondents view the GDPR as strict, and 62% express the same sentiment about NIS2.

Competitive Pressures Amid Cyberthreats
The slow pace of NIS2 adoption is likely due to the multitude of competing priorities and business pressures that face these organizations. Respondents rank NIS2 lower in urgency than 10 other issues, including the skills gap, profitability, and digital transformation. Worryingly, 42% of respondents who consider NIS2 insignificant for EU cybersecurity improvements attribute this to inadequate consequences of non-compliance, which has led to widespread apathy towards the directive.

Additional key findings from the survey include:

  • 74% of respondents see NIS2 as beneficial, but 57% doubt it will have any substantial impact on overall EU cybersecurity posture.
  • Sceptics cite additional concerns such as NIS2’s lack of comprehensiveness (35%), belief that compliance doesn’t guarantee security (34%), and overlap with existing regulations (25%).
  • Other barriers include a lack of focus on NIS2 compliance (20%), tight timelines (19%), cybersecurity skills shortage (19%), directive complexity (19%), and organizational silos (19%).
  • Despite conflicting views, most respondents perceive NIS2 positively in the context of their organization’s regulatory obligations, feeling optimistic (33%), confident (32%), and encouraged (27%).

About the Veeam NIS2 Confidence Survey
Censuswide conducted this research on behalf of Veeam between August 29 and September 2, 2024. The survey included 500+ IT decision-makers from Belgium, France, Germany, the Netherlands, and the UK. Although the UK is a non-EU member state, it was included due to its significant business ties with EU countries. An additional criterion ensured that UK respondents either currently do business within the EU or have plans to do so. To achieve balanced representation, quotas were established for each market: 50 respondents were from medium-sized companies (50-249 employees) and 50 were from large or enterprise-sized companies (250+ employees). Respondents were selected from industry verticals listed amongst the essential and important entities subject to the NIS2 directive. The study was nationally representative.

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E