Eight in 10 organizations are confident they will be compliant with the NIS Act, but two in three companies do not believe it will meet the deadline, according to research by Veeam. There are also conflicting opinions about the impact of the law.
NIS2 is getting closer and closer: on Oct. 18, the legislation goes into effect. Veeam thought it was a good time to survey more than five hundred IT decision-makers from Belgium, France, Germany, the Netherlands and the UK about the run-up. For many an organization, it’s all hands on deck to meet the deadline.
Two in three of the respondents surveyed fear that their organization will not meet the deadline. There are several reasons given for this. The most frequently cited challenges are technical debt (24%), lack of leadership understanding (23%) and insufficient budget/investment (21%). Four in 10 organizations reported that the IT budget decreased since the announcement of NIS2.
Doubts about impact
Still far from all IT leaders seem convinced of the impact of NIS2. 74 percent of respondents see NIS2 as useful, but 57 percent doubt its substantial impact on EU cybersecurity levels. Consequently, NIS2 is not at the top of most respondents’ priority list.
read also
Veeam survey: two in three companies fail to meet NIS2 deadline
Skeptics cite additional obstacles such as the lack of completeness of NIS2 (35 percent), the belief that compliance does not guarantee security (34 percent) and overlap with existing regulations (25 percent). 42 percent of respondents who consider NIS2 unimportant attribute it to the inadequate consequences of non-compliance. At the same time, 62 percent describe NIS2 as “stringent.
“NIS2 moves the responsibility for cybersecurity from the IT department to executives. While many organizations recognize the importance of this directive, they are struggling to comply on time, indicating major systemic problems. The combined pressures of other business priorities and IT challenges may explain the delay, but this does not reduce the urgency,” Andre Troskie, EMEA Field CTO at Veeam, explains the results.