Bringing you live news and features since 2013

European businesses confident they will reach NIS 2 compliance despite limited understanding of requirements: Zscaler


New research from cloud security firm Zscaler reports a disconnect between European company confidence in reaching NIS 2 compliance ahead of the October 17 deadline and an understanding of what achieving compliance will require.

According to Zscaler’s latest report, NIS 2 & Beyond: Risk, Reward & Regulation Readiness, which surveyed more than 875 IT leaders across six European markets, 80 per cent of IT leaders feel confident that their organisation will meet the compliance requirements before the deadline – and only 14 per cent claim to have already met them. A little over half (53 per cent) of IT leaders, however, believe their teams fully understand the demand, and even fewer (49 per cent) believe leadership does. CISOs face an immediate need to educate all relevant stakeholders, from board level to section owners and employees across the organisation, to ensure compliance ahead of the due date.

Examining the disconnect between confidence and understanding reveals some friction between how leaders are discussing NIS 2 and how they are acting upon it, the firm says. Respondents indicate that leaders recognise the growing importance of the NIS 2 regulations, with one-third (32 per cent) saying it is a top priority for their leadership and 52 per cent saying it is becoming a higher priority. This does not appear to be reflected, however, in the support offered to company IT teams shouldering the burden of the compliance process. Most IT leaders (56 per cent) feel their teams are not getting the leadership team support they need to meet the compliance deadline.

Brian Marvin, Senior Vice President of EMEA Enterprise Sales at Zscaler, says: “While there appears to be a quiet confidence across the region that businesses will reach NIS 2 compliance by the rapidly approaching deadline, our research suggests this confidence could be built on shaky foundations. If they are not careful, many businesses may find themselves rushing to the finish line and neglecting other cybersecurity processes as a result – something 60 per cent of IT leaders admitted is possible. Leadership needs to act now and give their IT teams the necessary support to avoid missing key steps in their compliance journey and risking serious financial consequences.”

Although the NIS 2 directive builds upon the existing NIS framework, 62 per cent of respondents believe it is a significant departure from what they currently use. To become compliant, IT leaders are having to make the most significant changes in the areas of their tech stack/cybersecurity solutions (34 per cent), educating employees (20 per cent), and educating leadership (17 per cent). When asked about the top three challenging sections of the directive, respondents pointed most often to security in network and information systems acquisition, development, and maintenance (31 per cent), basic cyber hygiene practices and cybersecurity training (30 per cent), and policies and procedures around effective cybersecurity risk management measures (29 per cent).

While the NIS 2 directive is positioned as incorporating foundational level cybersecurity requirements, the report suggests many businesses across Europe are not as far along with their cybersecurity standards as they should be.

Only 31 per cent of respondents would label their current cyber hygiene as ‘excellent’. When looking at the survey from an industry perspective, the transport and energy sectors had a far lower level of cyber hygiene excellence, with only 14 per cent of IT leaders in transport companies, and 21 per cent in energy companies, claiming to have achieved this. These figures suggest that too few businesses in some critical infrastructure sectors have been keeping up with security reviews over the past few years, which could pose issues during their NIS 2 compliance checks this year.

James Tucker, Head of CISO at Zscaler, says: “Regulations by themselves will never be the answer to first-class cybersecurity hygiene – particularly given the scale of the cybersecurity challenge. In fact, 53 per cent of our respondents said the NIS 2 regulations don’t go far enough considering what businesses are facing. Rather than a problem to solve, regulations should be viewed as an opportunity to raise foundational security up a rung. Regulations need to become part of an organisation’s ongoing process reviews instead of a separate activity for IT teams to address. Businesses should be using this opportunity to review the scale of their technology stacks as well as find ways to simplify and track their hardware and software through one platform to avoid complexity in their organisational environment.”

The NIS 2 directive emphasises the responsibility of organisations to ensure network and information system security with a culture of governance and comprehensive risk management, Zscaler writes. “They must adopt proactive technical, operational, and organisational measures to manage the risks posed to the security of network and information systems.”

The NIS 2 directive is a legislative act that aims to achieve a high common level of cybersecurity across the European Union. Member states must ensure that entities across 15 industry segments take appropriate measures to manage the risks posed to the security of network and information systems, and to prevent or minimise the impact of incidents on recipients of their services and on other services.
