Three-quarters of UK organizations have yet to complete preparations for the EU’s Network and Information Security Directive (NIS2), according to a new study.
With just one year to go until the deadline for implementation, a majority of UK organizations are yet to fully address and compensate for the five key compliance requirements outlined in the new regulations, SailPoint found.
The new rules are an updated version of previous NIS regulations, introduced by the EU in 2018.
NIS2 essentially aims to build on the previous regulations and implement more robust cyber security and resilience standards among EU organizations, as well as more stringent reporting measures in the event of a security incident.
Under the updated regulations, all public and private entities operating in the EU will be required to adhere to new standards. The regulations specifically target organizations working in critical infrastructure sectors, such as energy, finance, and healthcare.
SailPoint’s study, based on a survey of 1,500 IT decision makers across the UK, France, and Germany, found that many UK firms have yet to even begin preparations for the new rules.
Four in five (80%) revealed they still need to properly secure supply chains while three-quarters (76%) said they have yet to assess the efficiency of existing cyber security measures.
Three-quarters of organizations also need to add new risk management measures (74%), implement HR security (76%), or provide cyber security training to staff (72%).
SailPoint warned that those who fail to comply with the new obligations could face harsh penalties. Organizations can face fines of up to €10 million for non-compliance, or the equivalent of 2% of their annual turnover.
“With just one year to go, businesses must put their foot to the floor when it comes to NIS2 compliance and get ahead on their cyber preparation,” said Stephen Bradford, senior vice president for EMEA at SailPoint.
“The threat landscape has been growing in volume and sophistication over recent years meaning the stakes have never been higher. Operational downtime, reputational damage, customer loss, and system restoration that follow any breach can cause a real headache for businesses."
Bradford said the current lax approach among some UK organizations bears similarities to the months preceding the implementation of the EU’s General Data Protection Regulation (GDPR).
RELATED RESOURCE
Comply with multiple regulations and industry standards
DOWNLOAD NOW
He urged that businesses “must learn from GDPR” and use the next 12 months to ensure cyber resilience “is at the core of the business models” to avoid falling foul of the regulations.
This is particularly important given certain aspects of the regulations pertaining to personal liability.
Under the new rules, senior management could be held liable for cyber security failings and regulatory infringements if their organization does not comply with its obligations.
-
M&S suspends online sales as 'cyber incident' continuesNews Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
Apple, Meta hit back at EU after landmark DMA finesNews The European Commission has issued its first penalties under the EU Digital Markets Act (DMA), fining Apple €500 million and Meta €200m.
-
‘Europe could do it, but it's chosen not to do it’: Eric Schmidt thinks EU regulation will stifle AI innovation – but Britain has a huge opportunityNews Former Google CEO Eric Schmidt believes EU AI regulation is hampering innovation in the region and placing enterprises at a disadvantage.
-
The EU just shelved its AI liability directive
News The European Commission has scrapped plans to introduce the AI Liability Directive aimed at protecting consumers from harmful AI systems.
-
A big enforcement deadline for the EU AI Act just passed – here's what you need to know
News The first set of compliance deadlines for the EU AI Act passed on the 2nd of February, and enterprises are urged to ramp up preparations for future deadlines.
-
EU agrees amendments to Cyber Solidarity Act in bid to create ‘cyber shield’ for member statesNews The EU’s Cyber Solidarity Act will provide new mechanisms for authorities to bolster union-wide security practices
-
The EU's 'long-arm' regulatory approach could create frosty US environment for European tech firmsAnalysis US tech firms are throwing their toys out of the pram over the EU’s Digital Markets Act, but will this come back to bite European companies?
-
EU AI Act risks collapse if consensus not reached, experts warn
Analysis Industry stakeholders have warned the EU AI Act could stifle innovation ahead of a crunch decision
-
US-UK data bridge: Everything you need to knowNews The US-UK data bridge will ease the complexity of transatlantic data transfers
