Zscaler Report Reveals Disconnect on Ability to Meet NIS2

The EU's NIS2 Directive must be implemented in the bloc's member states by 17 October 2024
A recent report from Zscaler highlights a gap between European businesses' confidence in meeting NIS2 compliance and their understanding of it

As the cybersecurity landscape grows increasingly perilous, regulatory bodies in Europe and the US are ramping up efforts to bolster defences and enforce stringent standards across industries. 

Yet, a recent report from IT security company Zscaler, titled "NIS 2 & Beyond: Risk, Reward & Regulation Readiness," highlights a concerning disconnect between European businesses' confidence in meeting the NIS2 compliance requirements and their understanding of what achieving compliance entails.

While 80% of European IT leaders expressed confidence in meeting the NIS2 compliance deadline, only 53% believed their teams fully grasped the directive's demands, and a mere 49% felt leadership comprehended the implications.

This disconnect is further exacerbated by a lack of support from leadership, with 56% of IT leaders stating their teams lacked the necessary backing from the top to meet the compliance deadline, despite 32% citing NIS2 as a top priority.

The EU's NIS2 Directive, which came into force in January 2023 and must be implemented across member states by 17 October 2024, aims to enhance the overall level of cybersecurity within the bloc.

This directive expands the scope of the previous NIS framework, encompassing new sectors and entities to improve resilience and incident response capabilities. 

Cybersecurity compliance across the world

Across the Atlantic, the US has taken a parallel approach with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Originally introduced in 2014, the CSF has recently undergone its first major update, dubbed CSF 2.0, to address the evolving cybersecurity landscape. The revised framework expands its scope beyond critical infrastructure protection to encompass organisations of all sizes and sectors.

A notable addition to CSF 2.0 is the "Govern" function, which emphasises the importance of cybersecurity governance within organisations. This component underscores the need for senior leaders to consider cybersecurity as a significant source of enterprise risk, alongside factors such as finance and reputation.

By integrating governance into the framework, NIST aims to foster a culture of informed decision-making and strategic alignment in addressing cybersecurity challenges.

Cybersecurity landscape

The timing of these regulatory developments is particularly crucial, as the cyber threat landscape has entered a new era of sophistication and unpredictability. 

Geopolitical and economic factors have contributed to a complex environment, with cybercriminals leveraging advanced techniques like AI-powered malware, phishing scams, and social engineering attacks to exploit vulnerabilities. 

Insider threats have also emerged as a growing concern, with industry analysis indicating a 47% increase over the past two years, resulting in substantial financial losses for organisations.

As regulatory bodies tighten their grip and organisations grapple with an ever-evolving threat landscape, the need for a holistic and proactive approach to cybersecurity has never been more pressing. Compliance with frameworks like NIS2 and NIST CSF 2.0 is not merely a box-ticking exercise but a strategic imperative for safeguarding digital assets and ensuring business continuity.

The EU's introduction of legislation aimed at tightening cybersecurity and the handling of data, such as GDPR, the Cyber Resilience Act, and DORA, demonstrates how the world is beginning to take cybersecurity more seriously, especially in the age of advanced AI-powered attacks and the rise in ransomware.

But businesses must be prepared for that change. As James Tucker, Head of CISO at Zscaler, stated, "Regulations by themselves will never be the answer to first-class cybersecurity hygiene – particularly given the scale of the cybersecurity challenge. Rather than a problem to solve, regulations should be viewed as an opportunity to raise foundational security up a rung."

Cyber Magazine is a BizClik bran
