Only a third (34%) of organisations across the UK, France and Germany have completed preparations for the European Union’s updated Network and Information Security Directive (NIS2), despite just one year to go until its legislative deadline, according to new research from SailPoint, a leader in enterprise identity security.
With fines for non-compliance costing up to €10 million, or 2% of an organisation’s global annual revenue, taking the necessary steps to become compliant must be top of the agenda for businesses.
The research, which surveyed 1,500 IT decision-makers, found there is still a lot of preparation for organisations to complete, despite the clock ticking. For UK organisations, which must still comply with the directive if they operate in the EU, 80% still need to properly secure their supply chains, while 76% must assess the efficiency of existing cyber measures.
Around three-quarters of organisations also need to add new risk management measures (74%), implement HR security (76%) and provide cybersecurity training to staff (72%). Businesses can’t afford to be complacent – respondents anticipate that each of these five milestones will take five months on average to complete.
The NIS2 directive comes at a time when organisations of all sizes face a growing number of cyberthreats and aims to deliver a broad, comprehensive and holistic improvement of cybersecurity across the EU.