The NIS2 Directive, an update to the 2016 NIS Directive, aims to strengthen and unify cybersecurity measures across the European Union. With the deadline of October 17, 2024, fast approaching, a recent report from Zscaler titled “NIS2 & Beyond” analyzes the readiness of European companies to comply with this new legislation. In Spain, the report reveals that 83% of IT decision-makers are confident that their companies will meet the deadline on time, although only 12% have achieved compliance to date.
Confidence and Reality: A Worrisome Disconnect
Despite widespread optimism, the reality paints a more complex picture. Only 12% of Spanish companies have complied with NIS2 so far, and while 83% of IT decision-makers express confidence in achieving compliance on time, the effort required to adapt to the directive is significant.
The Zscaler report offers revealing insights:
– Priorities and Preparedness: 31% of leaders see NIS2 as a top priority, with 57% stating it is becoming a major priority.
– Understanding of Requirements: 56% believe their teams understand NIS2 requirements, with 51% stating that management also understands them. However, only 30% see the need to train employees in cybersecurity.
– Need for Mindset Change: 67% of Spanish IT leaders believe a mindset change is needed. 59% see NIS2 as a significant departure from the current NIS framework, while 47% feel that NIS2 is inadequate given the increasing threats.
– Cyber Hygiene and Zero Trust Architecture: Only 36% of companies rate their current cyber hygiene as “excellent.” 35% have yet to implement a zero-trust architecture. 29% believe they need cyber risk management policies, and 34% think changes to their technology stack are necessary.
The Challenge of Implementation
Confidence in meeting NIS2 requirements does not always translate into action. Many companies have not taken the necessary steps, often due to a lack of support from leadership and the need for a mindset shift beyond mere regulatory compliance.
Companies, especially in critical sectors like transportation and energy, must make significant changes to their technological infrastructure, train their employees and executives, and take a proactive approach to enhance overall security. NIS2 is a starting point, not an end, and companies must go beyond regulations to address the growing cyber risks.
In Summary
Zscaler’s “NIS2 & Beyond” report highlights widespread optimism among IT decision-makers in Spain about NIS2 compliance. However, the reality is that many companies still need to make significant efforts to achieve compliance. Implementing NIS2 requires not just investment in technology and training, but also a mindset shift towards a robust and proactive cybersecurity culture.
As the deadline approaches, it will be crucial for Spanish companies to ramp up their efforts to ensure they are ready to comply with NIS2 and face the challenges of future cyber threats.