A new survey Infobrief from IDC has uncovered that three-quarters of European organisations do not have full awareness and detailed knowledge of the NIS2 Directive.
The research, sponsored by Insight Enterprises, reveals delays across Europe in meeting the stringent cybersecurity regulations mandated, with many businesses struggling with internal obstacles that impede compliance efforts.
Non-compliance of NIS2 can result in both financial penalties and personal liabilities, including fines of up to €10m EUR or two percent of global revenue, and removal of Executives rights to hold managerial positions.
Surveying IT managers and decision makers across Europe shortly before the October 17th deadline, the survey found a general lack of awareness of all the implications of the directive and how it would affect companies’ day-to-day operations.
Key findings showed that: Three out of four European companies surveyed did not have full awareness and detailed knowledge of the NIS2 Directive; and an irregularity in company communication and alignment, with a discrepancy between CEOs’ perceptions of their companies’ readiness and their own IT teams’ opinions.
Findings also show that compliance is a low priority, with a lack of technical understanding and low awareness of cybersecurity risk being key reasons, alongside lack of in-house expertise to execute compliance tasks.
“Despite the deadline for NIS2 compliance having passed, this Infobrief reveals a critical shortfall in many organisations' efforts to meet the standards,” said Rob O’Connor, Insight’s CISO and Security Technology Lead.
He added: “These results should serve as a wake-up call, reminding organisations to set their own NIS2 compliance deadlines immediately.”
