Report: Only a Third of Organizations Prepared to Comply with NIS2 Directive

Just a third (34%) of impacted organizations in the UK, France and Germany are prepared for the EU’s updated Network and Information Security Directive (NIS2) one year before the legislation comes into force, according to a survey of 1500 IT decision makers by cybersecurity firm Sailpoint.


UK organizations, which must comply with the directive if they operate in the EU, are particularly unprepared, with three-quarters yet to fully address the five key requirements for compliance.


Broken down, Sailpoint found the following percentages of UK organizations surveyed still need to complete the five requirements:

  • 80% still need to properly secure their supply chains
  • 76% must assess the efficiency of existing cyber measures
  • 74% need to add new risk management measures
  • 76% need to implement HR security
  • 72% still need to provide cybersecurity training to staff

Sailpoint warned against businesses being complacent about addressing these areas, as each takes five months on average to complete.


Failure to comply with the directive can lead to fines of up to €10m ($10.5m), or 2% of an organization’s global annual revenue.

What is NIS2?

NIS2 is an update to the EU’s original NIS directive, which was passed in 2016 and became law in most member states in 2018. The new rules are designed to reflect greater reliance on digital systems and rising cyber-threats, and bring more industries and entities under its umbrella.

It encompasses ‘very critical sectors,’ such as energy, transport, banking and healthcare, and applies to organizations with more than 250 employees and an annual turnover of €10 million or more.

NIS2 was enacted in January 2023, and the deadline for member states to transpose its provisions into national law is October 17, 2024.


    Stephen Bradfo ..
