NIS 2 obligations: Overconfidence among managers

Only 14 percent already comply with the NIS 2 security directive, yet 80 percent still expect to comply with it by October. Current figures cast doubt on this.

This article was originally published in German and has been automatically translated.

80 percent of IT managers believe they will be able to comply with the NIS 2 directive by the October deadline – but only 14 percent of companies are already doing so. This is the result of a recent survey by Zscaler of 875 European IT managers. NIS 2 introduces new obligations in IT security, and management will be liable for damages in the future.

Fittingly, 32 percent of IT managers say the NIS 2 directive is the highest priority for management in their own company, while 52 percent of respondents say it is becoming increasingly important. CIOs, CEOs and CISOs are equally concerned with compliance. However, Zscaler warns against overestimating the importance of compliance.

It is interesting to note that, according to the survey, only 49 percent of IT managers believe that company management fully understands the new requirements. At 53 percent, hardly any more believe that their subordinate employees fully understand the NIS 2 obligations.

In line with this, 62 percent see the new directive as a significant departure from their previous security strategy. NIS 2 itself is an extension of the existing NIS framework. In the summary of the study, Zscaler therefore assumes that companies are not using the latest security technology.

As proof of this, the security provider points out that only 32 percent of those surveyed currently rate their cyber hygiene as excellent, and two fifths have not yet implemented a Zero Trust architecture. Zscaler's conclusion: many companies do only the bare minimum in the area of security for as long as possible.

The risk of companies trying to fulfill their obligations at the last minute is high, and it is not only Zscaler, as a provider in this area, that has this in view: Ulrich Plate, consultant for information security, confirms in an iX interview that more companies than expected will have to prepare for NIS 2. You can find out what potentially affected companies need to prepare for here.

(fo)