Zscaler Report Reveals Disconnect on Ability to Meet NIS2

The EU's NIS2 Directive must be implemented in the bloc's member states by 17 October 2024.
A recent report from Zscaler highlights a divergence between European businesses' confidence in meeting NIS2 compliance and their understanding of it.

As the cybersecurity landscape grows increasingly perilous, regulatory bodies in Europe and the US are ramping up efforts to bolster defences and enforce stringent standards across industries. 

Yet, a recent report from IT security company Zscaler, titled "NIS 2 & Beyond: Risk, Reward & Regulation Readiness," highlights a concerning disconnect between European businesses' confidence in meeting the NIS2 compliance requirements and their understanding of what achieving compliance entails.

While 80% of European IT leaders expressed confidence in meeting the NIS2 compliance deadline, only 53% believed their teams fully grasped the directive's demands, and a mere 49% felt leadership comprehended the implications.

This disconnect is further exacerbated by a lack of support from leadership, with 56% of IT leaders stating their teams lacked the necessary backing from the top to meet the compliance deadline, despite 32% citing NIS2 as a top priority.

The EU's NIS2 Directive, which came into force in January 2023 and must be implemented across member states by 17 October 2024, aims to enhance the overall level of cybersecurity within the bloc.

This directive expands the scope of the previous NIS framework, encompassing new sectors and entities to improve resilience and incident response capabilities. 

Cybersecurity compliance across the world

Across the Atlantic, the US has taken a parallel approach with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Originally introduced in 2014, the CSF has recently undergone its first major update, dubbed CSF 2.0, to address the evolving cybersecurity landscape. The revised framework expands its scope beyond critical infrastructure protection to encompass organisations of all sizes and sectors.

A notable addition to CSF 2.0 is the "Govern" function, which emphasises the importance of cybersecurity governance within organisations. This component underscores the need for senior leaders to consider cybersecurity as a significant source of enterprise risk, alongside factors such as finance and reputation.

By integrating governance into the framework, NIST aims to foster a culture of informed decision-making and strategic alignment in addressing cybersecurity challenges.

Cybersecurity landscape

The timing of these regulatory developments is particularly crucial, as the cyber threat landscape has entered a new era of sophistication and unpredictability. 

Geopolitical and economic factors have contributed to a complex environment, with cybercriminals leveraging advanced techniques like AI-powered malware, phishing scams, and social engineering attacks to exploit vulnerabilities. 

Insider threats have also emerged as a growing concern, with industry analysis indicating a 47% increase over the past two years, resulting in substantial financial losses for organisations.

As regulatory bodies tighten their grip and organisations grapple with an ever-evolving threat landscape, the need for a holistic and proactive approach to cybersecurity has never been more pressing. Compliance with frameworks like NIS2 and NIST CSF 2.0 is not merely a box-ticking exercise but a strategic imperative for safeguarding digital assets and ensuring business continuity.

The EU's introduction of legislation aimed at tightening cybersecurity and the handling of data, such as GDPR, the Cyber Resilience Act, and DORA, demonstrates how the world is beginning to take cybersecurity more seriously, especially in the age of advanced attacks from AI and the rise in ransomware.

But businesses must be prepared for that change. As James Tucker, Head of CISO at Zscaler, stated, "Regulations by themselves will never be the answer to first-class cybersecurity hygiene – particularly given the scale of the cybersecurity challenge. Rather than a problem to solve, regulations should be viewed as an opportunity to raise foundational security up a rung."

Cyber Magazine is a BizClik bran
