The bulk of organizations are resorting to budgets from other departments in an attempt to become compliant with NIS2, research shows.
A survey by Censuswide, commissioned by Veeam Software, shows that 95 percent of organizations in EMEA have used budgets from other departments to comply with the NIS2 directive. This puts pressure on resources and exacerbates existing challenges, such as IT skills shortages.
read also
Veeam survey: two in three companies fail to meet NIS2 deadline
Shifting budgets
The survey found that 68 percent of organizations surveyed have received additional budget for NIS2 compliance, while 20 percent perceive budget as a barrier. The focus on the NIS2 directive since January 2023 has led to adjustments in budget distribution, with 40 percent of organizations operating with a lower IT budget and 20 percent with a flat budget. As a result, almost all organizations (95%) have drawn funds from elsewhere, primarily from recruitment budgets (30%), crisis management (29%) and contingency reserves (25%).
According to Edwin Weijdema, Field CTO EMEA at Veeam, rising costs and shrinking IT budgets are driving this shift. While the directive emphasizes strict penalties and corporate accountability, IT leaders are concerned about diverting funds, especially when it comes at the expense of recruitment and contingency reserves.
Existing challenges exacerbated by NIS2
The survey provides further insight into the top concerns of IT leaders. Shortages in IT skills (24%), profitability (23%) and digital transformation (23%) top their list, while NIS2 compliance only comes tenth. Yet NIS2 requires significant financial and human resources, putting pressure on organizations. The survey shows that 80 percent of the IT budget is allocated to cybersecurity and compliance.
Organizations are taking various measures to become NIS2-compliant. These include IT audits (29%), reviewing cybersecurity processes (29%) and developing new policies (28%). Investment in new technology (28%) is also a key pillar, requiring additional budget.
According to Andre Troskie, field CISO EMEA at Veeam, the high budget allocation to security and compliance highlights that organizations are not adequately prepared. He recommends taking a holistic approach to security so that other priorities, such as digital transformation, are not compromised.