Majority of Companies will Miss Looming NIS2 Deadline as New European Union Cybersecurity Directive Goes into Effect

  • New Veeam Software survey reveals approximately 80% of businesses are confident in adhering to NIS2, yet 66% will miss the compliance deadline once it goes into effect October 18
  • 90% of EMEA businesses faced cybersecurity incidents that NIS2 could have prevented
  • Companies could face hefty fines or even suspensions of service in the European Union under strict new cybersecurity regulations that may be seen as the new global standard

Majority of Companies will Miss Looming NIS2 Deadline as New European Union Cybersecurity Directive Goes into Effect

Heidi Monroe Kroft
Veeam Software
Global Corporate Communications / Public Relations
(614) 339-8200
heidi.kroft@veeam.com

The European Union (EU) Network and Information Security Directive 2022/2555 (NIS2) which aims to strengthen cybersecurity, goes into effect on October 18 with administrative fines of up to EUR10 million or 2% of total annual worldwide turnover for those who fail to comply. A new survey from Censuswide, commissioned by Veeam® Software, the #1 market leader by market share in Data Resilience, revealed that only 43% of EMEA IT decision-makers believe NIS2 will significantly enhance EU cybersecurity. This is despite an overwhelming 90% of respondents reporting at least one security incident that the NIS2 directive could have prevented in the past 12 months. Alarmingly, 44% of respondents experienced more than three cyber incidents, with 65% of those categorized as “highly critical.”

The survey results, which encompass the views of 500+ IT decision-makers from Belgium, France, Germany, the Netherlands, and the UK, revealed the state of play less than a month before this directive takes effect on Oct. 18. Although nearly 80% of businesses are confident in their ability to eventually comply with NIS2 guidelines, up to two-thirds state they will miss this imminent deadline.

"Tackling the growing volume and complexity of cyber threats will take a coordinated approach across government, industry, and business. The NIS2 directive will both help to prevent critical incidents and raise the importance of good preparation to the boardroom. NIS2 will also set the new standard baseline of compliance for all enterprises around the world as we continue to battle this era of continuous cyber threats with data resilience in order to keep businesses running and secure,” said Anand Eswaran, CEO at Veeam.

“While recognizing the importance of this directive, pressures of other business priorities along with IT challenges is hampering organizations’ ability to meet the October 18 deadline. Leaders in Europe will need to act swiftly to bridge these gaps and ensure compliance, not just for regulatory sake but to genuinely enhance organizational robustness and safeguard critical data," Eswaran continued.

Barriers to NIS2 Compliance

Achieving NIS2 compliance requires businesses to implement essential measures, such as defining incident response plans, securing supply chains, assessing vulnerabilities, and evaluating overall security levels. This includes all affiliated organizations, partners, and supply chains. However, several barriers to compliance persist. Key challenges cited by IT decision-makers include technical debt (24%), lack of leadership understanding (23%), and insufficient budget/investments (21%). Notably, 40% of respondents reported decreased IT budgets since the political agreement for NIS2 was proclaimed effective in January 2023, despite its stringent penalties, which are comparable to those of the EU's flagship data privacy legislation, the General Data Protection Regulation (GDPR). 63% of respondents view the GDPR as strict, and 62% express the same sentiment about NIS2.

Competitive Pressures Amid Cyberthreats

The slow pace of NIS2 adoption is likely due to the multitude of competing priorities and business pressures that face these organizations. Respondents rank NIS2 lower in urgency than ten other issues, including the skills gap, profitability, and digital transformation. Worryingly, 42% of respondents who consider NIS2 insignificant for EU cybersecurity improvements attribute this to inadequate consequences of non-compliance, which has led to widespread apathy towards the directive.

Additional key findings from the survey include:

  • 74% of respondents see NIS2 as beneficial, but 57% doubt it will have any substantial impact on overall EU cybersecurity posture.
  • Sceptics cite additional concerns such as NIS2's lack of comprehensiveness (35%), belief that compliance doesn’t guarantee security (34%), and overlap with existing regulations (25%).
  • Other barriers include a lack of focus on NIS2 compliance (20%), tight timelines (19%), cybersecurity skills shortage (19%), directive complexity (19%), and organizational silos (19%).
  • Despite conflicting views, most respondents perceive NIS2 positively in the context of their organization's regulatory obligations, feeling optimistic (33%), confident (32%), and encouraged (27%).

To learn more about Veeam, visit https://www.veeam.com.

About the Veeam NIS2 Confidence Survey

Censuswide conducted this research on behalf of Veeam between Aug. 29 and Sept. 2, 2024. The survey included 500+ IT decision-makers from Belgium, France, Germany, the Netherlands, and the UK. Although the UK is a non-EU member state, it was included due to its significant business ties with EU countries. An additional criterion ensured that UK respondents either currently do business within the EU or have plans to do so. To achieve balanced representation, quotas were established for each market: 50 respondents were from medium-sized companies (50-249 employees) and 50 were from large or enterprise-sized companies (250+ employees). Respondents were selected from industry verticals listed amongst the essential and important entities subject to the NIS2 directive. The study was nationally representative.

About Veeam Software

Veeam®, the #1 global market leader in data resilience, believes every business should be able to bounce forward after a disruption with the confidence and control of all their data whenever and wherever they need it.? Veeam calls this radical resilience, and we’re obsessed with creating innovative ways to help our customers achieve it.

Veeam solutions are purpose-built for powering data resilience by providing data backup, data recovery, data freedom, data security, and data intelligence. ?With Veeam, IT and security leaders rest easy knowing that their apps and data are protected and always available across their cloud, virtual, physical, SaaS, and Kubernetes environments.

Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, including 74% of the Global 2000, that trust Veeam to keep their businesses running. ?Radical resilience starts with Veeam. Learn more at www.veeam.com or follow Veeam on LinkedIn @veeam-software and X @veeam.


Read Previous

inTEST Corporation to Participate in Upc

Read Next

Knightscope Announces Proposed Public Of

Add Comment