Articles about NIS2

As cyberattacks across sectors continue to rise, businesses face pressure to enhance their security postures amid budget restraints and operational challenges.

In the EU, the new Network and Information Security Directive (NIS2) is making it mandatory for companies in Europe -- and those doing business with Europe -- to not only invest in cybersecurity, but to prioritize it regardless of budgets and team structures.

Continue reading →

Protecting critical national infrastructure (CNI) against attack is a huge undertaking for governments and for those organizations that deliver CNI services.

New regulation in Europe -- the NIS2 Directive -- includes an increased focus on resilience for CNI, covering traditional critical services like banking, utilities, transport and public safety as well as new provisions for digital service providers. In 2025, the Digital Operational Resilience Act (DORA) will enforce more stringent resilience and security requirements on the financial sector. And in the UK, the forthcoming Cyber Security and Resilience Bill will demand more investment in security too.

Continue reading →

As the European Union updated the Network and Information Security (NIS 2) Directive in October last year, many companies were asking: what does it take to comply with this sweeping new regulation? Designed to tighten cybersecurity across critical industries, NIS 2 goes beyond the original directive’s framework, bringing strict rules, wider sectoral reach, and substantial penalties.

We spoke to Sam Peters, chief product officer at isms.online, to find out what businesses need to know to ensure compliance and understand the directive's impact on both operations and reputation.

Continue reading →

A new report shows 90 percent of professionals surveyed report that complying with DORA, the NIS2 Directive, and/or the EU AI Act will impact their workload.

The study, from cloud-based risk and compliance platform AuditBoard, shows information security professionals feel the weight of compliance efforts most, with 38 percent expecting to be impacted to a great extent, compared to 29 percent of risk management professionals and 28 percent of IT professionals. Increased workloads could potentially lead to a greater risk of non-compliance as teams struggle to keep up with daily tasks.

Continue reading →

With the EU's NIS2 directive now starting to roll out, aiming to achieve a high level of cybersecurity across member states, a new survey commissioned by Veeam shows the significant impact implementation is having on businesses.

The study, carried out by Censuswide, reveals that while 68 percent of companies report receiving the necessary additional budget for NIS2 compliance, 20 percent identify budget as being a significant barrier to achieving compliance.

Continue reading →

The EU's latest Network and Information Security Directive (NIS2) comes into effect on October 18, but new research finds that although nearly 80 percent of businesses are confident in their ability to eventually comply with NIS2 guidelines, up to two-thirds say they will miss this imminent deadline.

The survey from Veeam Software, of over 500 IT decision-makers from Belgium, France, Germany, the Netherlands and the UK, shows 90 percent of respondents reporting at least one security incident that the NIS2 directive could have prevented in the past 12 months.

Continue reading →

The new NIS2 directive is designed to strengthen the cyber resilience of over 160,000 companies that operate in the EU -- either directly or indirectly. Coming into force by 17th October, NIS2 regulations will outline how these essential entities can combat increasingly sophisticated and frequent cyber attacks.

Notwithstanding delays in the implementation of local legislation, the NIS2 directive provides an indication of the compliance obligations affecting those organizations which fall within the scope of the new rules. Ultimately, NIS2 aims to reduce inconsistencies in cyber security resilience by being the “single source of truth” for regulatory bodies to oversee how organizations implement increasingly stringent cybersecurity frameworks. As we have seen in recent weeks, these are crucial, especially during large-scale cybersecurity incidents or crises.  

Continue reading →

Often perceived as a necessary evil in the past, organizations are taking an increasingly proactive and committed approach to the regulation of technology and cybersecurity. Many are even going a step further by embracing independent standards to fill any gaps legislation may not address or, while waiting for laws to catch up with new developments.

Given today’s searing pace of change, characterized by the rapid rise of technologies like GenAI, this marks a positive way forward for businesses that care about their customers as well as their profits.

Continue reading →

The critical national infrastructure that underpins the UK has undergone a tremendous amount of digital transformation in recent years. Areas like water treatment, energy and food production are still heavily reliant on operational technology (OT) systems that were often designed and implemented long before the digital revolution.

Digitizing these systems and connecting them to standard IT networks has allowed operators to boost efficiency and bring in practices like remote working and data collection that weren’t possible in an analogue environment.

Continue reading →