Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 3 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

NIS2 Directive in the EU: An imminent deadline, insufficient preparation

by Guru Writer
August 8, 2024
in Insight
NIS2 Directive in the EU: An imminent deadline, insufficient preparation
Share on FacebookShare on Twitter

Dr. Martin J. Kraemer, ​Security Awareness Advocate​ at Knowbe4, gives his advice on where to organisations can start to act now with the impending NIS2 regulation 

 

While EU member states must introduce the Network and Information Systems Directive 2022 (NIS2) into their national law by October 2024, not all appear ready to meet this deadline. This directive imposes ten security measures intended to strengthen the cyber resilience of critical infrastructure, including business continuity management, cyber risk management, supply chain security and training and education. 

 

Differences between EU countries in the implementation of the NIS2 Directive 

 

Some member states have already transposed the directive into their national legislation and are preparing to apply compliance measures from October 2024. Others, such as France, Denmark and the Netherlands, have announced that they only implement it at the beginning of 2025. Germany, for its part, will very unlikely meet the deadline, due to pending national legislation. 

 

The differences in the implementation of the directive are also significant. For example, France explicitly includes local authorities, which is not the case in Germany. As the UK has left the EU bloc, it also has divergences from NIS2, though those UK businesses operating in the EU will have to meet its requirements. The UK has extended the reach of its NIS legislations to include managed service providers (MSPs) in a bid to up the ante on cyber resilience, as well as include a broader scope of incidents that require reporting.  

 

These variations have left many pan-European organisations struggling to understand the directive and its various implementations across the EU. 

 

Organisational Confidence and Readiness 

According to a ​​study by Zscaler, 80% of organisations are confident in their ability to comply. However, many are waiting for national legislation, assuming that implementation delays will give them enough time to put the required measures in place. Currently, only 14% of organisations say they are compliant. 

 

However, many organisations lack confidence in their ability to understand requirements (53%), and 49% report a notable lack of support from their leadership. Without adequate support from the top, who are personally responsible and accountable for the implementation and security of the organisation, IT teams may find themselves ready, but the organisation as a whole will not be. 

 

Perspectives from European organisations 

Another YouGov survey commissioned by ESET reveals a similar situation: a third of organisations say they have implemented the directive, while 15% believe they are not affected and 14% are uncertain about their compliance requirements. About 38% have not yet started on compliance but plan to do so soon. Despite significant attention to the subject, actual implementation is often insufficient, leading to one of the main criticisms of the directive: the path to compliance is not always clear. 

 

Although there is time, the lack of support from company management, understanding among key stakeholders and awareness among small and medium-sized businesses are concerning. Management can no longer avoid engaging with cybersecurity professionals, as they are ultimately responsible and accountable. 

 

Although national legislation will eventually be resolved, organisations must proactively prepare. Implementing standards such as ISO27001 is one approach. Comprehensive risk management must consider the specific threats an organisation faces. As the directive states, employee training is crucial to building resilience. This recognition is now widespread, as the human element is the most targeted attack vector. Effective training and education are essential to understanding and mitigating organisational risks. Proper execution of these initiatives is key. 

 

While legislation is delayed and there is still time for organisations to prepare, everyone is advised to use this time with intention. NIS2 is not just another compliance requirement but a wake-up call for all critical infrastructure and their suppliers to make cybersecurity a business priority and to help protect countries from interference by threat actors, e.g., nation states, hacktivists, or cybercriminals. 

ShareTweet
Previous Post

European IT Professionals Want Training on AI, Poll Finds

Next Post

The Importance of a Cyber Vault For Data Protection

Recent News

AI Appreciation Day: Celebrating Progress, Embracing Responsibility

The industries being reimagined by AI

July 2, 2026
geopolitical cyber report

Iran-linked MuddyWater espionage campaign targets organisations across four continents

July 1, 2026
Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

July 1, 2026
Q&A: Solving Synthetic Media Challenges Before All Trust is Lost

Q&A: Solving Synthetic Media Challenges Before All Trust is Lost

July 1, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol