Money was diverted from other budgets to cover costs.
While most IT leaders are confident about meeting NIS2 compliance, the directive has also amplified existing challenges, such as resource limitations and skills shortages.
According to research by Veeam, 68 percent of companies reported receiving the necessary additional budget for NIS2 compliance, but 20 percent identified budget as being a significant barrier to achieving compliance. In fact, 30 percent of respondents say they dipped into recruitment budgets to support NIS2 compliance efforts.
Also, 95 percent of organisations diverted funds from elsewhere in the business to cover NIS2 compliance costs. Specifically, 34 percent of companies have dipped into their risk management budgets, 30 percent from wider recruitment, 29 percent from crisis management, and 25 percent from emergency reserves.
Despite NIS2 not directly affecting UK companies, those that do business with EU entities must comply, and their responses paint a different picture. The UK was the only country surveyed to report an increase in IT budgets since January 2023, with 62 percent of UK-based IT decision-makers reporting a budget increase and just 14 percent seeing a decrease.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
