The Growing Need for NIS2 Compliance

The NIS2 directive directly calls for comprehensive security measures, risk management, and accountability, all of which demand that businesses invest in compliance efforts. Yet, according to our survey, many companies are still grappling with the challenges posed by NIS2. We found that a large portion of organisations are seeking NIS2-specific training as they navigate the complexities of compliance. The chart below illustrates the level of demand for NIS2 training:

Level of Need for NIS2 Training    Percentage of Respondents
Definitely Need                    43%
Possibly Need                      30%
No Need                            27%

This data shows that while awareness of the directive is high, most organisations are still in the process of building the knowledge and resources necessary to fully comply. The strong demand for specialized NIS2 training reflects the directive’s complexity and the need for expert guidance.

Gaps in Cybersecurity Awareness

Achieving NIS2 compliance starts with building a solid foundation of cybersecurity awareness across the entire company. Yet, our survey reveals significant gaps in this area. Many organisations are not fully confident in their current level of awareness, and some are unclear on the steps needed to address NIS2 requirements.

Survey insights:

  • 42% of organisations rate their cybersecurity awareness as moderate. This suggests that while basic training and measures are in place, there is room for improvement.
  • 18% of respondents are unsure about their organisation’s level of cybersecurity awareness, which poses a serious compliance risk.
  • Only 15% of organisations reported a very high level of awareness, indicating strong readiness for NIS2.

Organisations need to move beyond basic awareness and aim for a deeper integration of cybersecurity practices into their corporate culture. Regular, comprehensive training and assessment programs can help close the awareness gap and ensure that all employees understand their role in maintaining NIS2 compliance.

Cybersecurity Standards: Compliance Still in Progress

NIS2 mandates that organisations adhere to strict cybersecurity standards, such as ISO/IEC 27001, to ensure a comprehensive and uniform approach to security. However, our survey data shows that a significant number of organisations are still in the process of achieving full compliance with these standards.

Compliance Status with Cybersecurity Standards    Percentage of Respondents
Fully Compliant                                   20%
Working Towards Compliance                        60%
Unsure                                            14%
Not Compliant                                      6%

The conclusion is that organisations need to expedite their compliance efforts, focusing on integrating recognised cybersecurity standards like ISO/IEC 27001. This will not only help in meeting NIS2 requirements but also strengthen their overall cyber resilience. For those unsure or not compliant, seeking expert guidance and conducting regular compliance audits should be a top priority.

The Frequency of Cybersecurity Assessments

NIS2 places a strong emphasis on continuous risk management, requiring organisations to perform regular cybersecurity assessments to identify vulnerabilities and ensure compliance. However, our survey indicates that many businesses are not conducting these assessments frequently enough, potentially leaving them exposed to security risks and non-compliance with the directive.

Survey insights:

  • Only 30% of organisations perform cybersecurity assessments annually, which aligns with best practices and NIS2 expectations.
  • 43% conduct assessments occasionally, meaning every few years or on an ad-hoc basis, which is far less frequent than what is recommended.
  • Alarmingly, 15% of organisations reported that they never conduct cybersecurity assessments.
  • The remaining 12% perform assessments bi-annually (twice a year), indicating a more frequent approach but still not fully aligned with the continuous monitoring principles of NIS2.

To meet NIS2 requirements, organisations must establish a routine of performing at least annual cybersecurity assessments, if not more frequently. This will ensure that vulnerabilities are identified and addressed promptly, reducing the risk of compliance failures and cyberattacks. For those conducting assessments less frequently or not at all, implementing automated monitoring systems or working with third-party security experts can help bridge the gap.

Overcoming NIS2 Compliance Challenges: Next Steps

Organisations must address the key challenges identified in our survey and take actionable steps to enhance their cybersecurity posture. The findings reveal critical areas that require attention, from awareness and training to compliance with the new cybersecurity standards. Here is what you can do to improve your NIS2 readiness.

Enhance Cybersecurity Awareness Programs:

  • Implement regular training sessions to increase cybersecurity awareness across all levels of the organisation.
  • Foster a culture of security where employees understand the importance of their roles in maintaining compliance.

Develop a Structured Compliance Roadmap:

  • Create a clear plan that outlines the steps necessary to achieve full compliance with cybersecurity standards.
  • Assign responsibilities to ensure accountability and track progress toward compliance goals.

Schedule Regular Cybersecurity Assessments:

  • Establish a routine of conducting annual cybersecurity assessments to identify and address vulnerabilities proactively.
  • Consider third-party audits to provide an unbiased evaluation of your cybersecurity posture.

Invest in Specialised NIS2 Training:

  • Develop tailored training programs focused on NIS2 compliance to equip employees with the knowledge and skills they need.
  • Consider partnerships with training providers who specialise in NIS2 and cybersecurity best practices.

By addressing these challenges and implementing the recommended steps, organisations can enhance their cybersecurity readiness and ensure compliance with the NIS2 directive. Proactive measures are essential to protect digital assets and maintain organisational integrity. As cybersecurity guidelines continue to evolve, organisations must remain vigilant, adapting to new challenges while striving for excellence in compliance.