top of page

A tough start for NIS2

While the deadline for national transposition of NIS2 was set at October 17, 2024, France, through the ANSSI, has decided to allow 3 years for the companies to comply, with certain requirements. France is not the worst performer in EU.


Tough start for NIS2

Although this tough start for NIS2 does not only affect France, a recent study shows that critical security incidents could have been avoided if better attention had been devoted to the subject.

To comply with the NIS2 directive, companies must implement essential measures such as incident response plans, supply chain security, vulnerability assessments and overall security levels. This also applies to all branches and subsidiaries, partners and members of the supply chain.

A recent study[1] conducted by Censuswide for Veeam reveals that 90% of responding European companies reported at least one security incident in the last twelve months that could have been avoided by the directive.

What remains worrying is that 44% of those responding had suffered more than three cyber incidents in recent months, 65% of which were qualified as “very critical”.


Main obstacles to NIS2's slow start

The main challenges cited by IT decision-makers polled for this study include technical debt at 24%, lack of understanding from management at 23%, and insufficient budgets and investment at 21%.

The slow pace of NIS2 compliance is also probably linked to the multitude of business pressures and priorities faced by companies today.

The surveyed companies ranked the NIS2 directive lowest in terms of urgency and priority, far behind ten other issues such as skills shortages, profitability or digital transformation.

In addition, 57% doubt that NIS2 will have a significant impact on the EU's overall cybersecurity posture.


France is not the worst performer in EU


Obviously, France is not the only European country to have missed the deadline for national transposition of the directive.

Bulgaria, Portugal, Spain and Estonia (the European epicenter of cyber) are among the worst performers, having made no progress to date in the transposition process.

Denmark, France, Ireland and Romania have all begun their transposition projects.

France, through Anssi (The cybersecurity national Agency), has authorized a three-year period for the relevant organizations to fully comply with the directive, as long as the strict requirements have been met.



Status of NIS 2 transposition in EU

Countries that have already submitted their transposition plans include Austria, Cyprus, the Czech Republic, Finland, Germany, Greece, Italy, Lithuania, Luxembourg, the Netherlands, Poland, Slovakia, Slovenia and Sweden.

The best performers, i.e. those countries that have transposed the directive at national level on time, include Belgium, Hungary, Croatia and Latvia.


[1] The survey polled over 500 IT and IT security decision-makers in Belgium, France, Germany, the Netherlands and the UK

Posts similaires

Voir tout

コメント


bottom of page