Uncertainty on NIS2 compliance remains a month on from deadline.
Senior cybersecurity professionals are – still – “not sure” whether the EU’s NIS2 directive even applies to their organisation, with some admitting their organisation was not compliant with last month’s deadline.
According to research from Green Raven of 200 respondents from 1,930 British organisations, more than two-thirds of respondents said that NIS2 does apply to them, but three percent were unsure if NIS2 even applied to them.
The EU’s Network and Information Security Directive (NIS2) aims to improve the overall level of cybersecurity and standardise cyber resilience across the EU, and EU member states were required to transpose NIS2 into their national legislation by 17th October 2024.
Although the UK has left the EU, NIS2 impacts UK organisations that fall under its scope and conduct business in the EU, either as a customer or as a supplier.
Morten Mjels, CEO of Green Raven Limited, said: “Eventually, failure to be compliant is going to significantly impact the ability of these organisations to do business in Europe, or is going to attract a significant fine for doing business in Europe without being compliant. And saying ‘we weren’t sure’ is unlikely to be much of a defence.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
