One year to go: Preparing for NIS2 isn’t a compliance exercise – it’s a business opportunity

I recently read an insight from IDC that suggests addressing cybersecurity threats is the top board priority worldwide. Further, CEOs of large firms say security is their most important expenditure.

It was interesting to see the international consensus here. Certainly, in my work with Microsoft’s customers in Western Europe, I know cybersecurity is very much top of mind among the c-suite and IT leaders alike.

As of 2022 Europe faces a shortage of around 500,000 skilled cybersecurity professionals (up from 200,000 in 2021). What’s more, the threat landscape continues to evolve. The Microsoft Digital Defense Report shows that nation state attacks have increase d in the region, and bad actors are increasingly targeting essential services like energy, agriculture, transportation.

Getting NIS2-ready is ultimately a business opportunity.

It’s in this context that the EU is implementing the most comprehensive EU cybersecurity legislation to date: Network and Information Systems Directive 2 (NIS2). Set to come into effect in one year from now in October 2024, the purpose of NIS2 is to establish a baseline of cybersecurity measures for organizations that provide essential services.

160,000 companies across 18 sectors will be expected to comply. Municipalities, healthcare systems, financial services and manufacturing firms are a few examples.

It’s a comprehensive blueprint for cybersecurity resilience.

In fact, I’ve had conversations with colleagues and customers who have drawn parrels with GDPR. I think that’s a fair comparison. I also think GDPR offers some lessons that are instructive as companies prepare for NIS2 over the coming months.

NIS2 will help organizations ensure they are prepared to respond to the evolving threat landscape. That level of preparedness will only build trust among an organization’s customers, partners and stakeholders. This is exactly what we saw with GDPR. Clearly people and organizations only want to do business with those they trust.

Preparing for NIS2 isn’t a backroom IT issue – it calls for company-wide transformation.

Did you know that the median time for an attacker to begin moving within a corporate network after a single device is compromised is less than 2 hours? With criminals becoming more sophisticated, every person in an organization – from a factory floor manager to executives – needs the right skills and tools to recognize and effectively mitigate threats.

That said, many cybersecurity teams I work with are currently understaffed. It’s here where I see artificial intelligence (AI) tools playing an important role. This technology is augmenting the skills and experience of professionals, helping them identify and respond to threats with machine speed.

Again, just like with GDPR, preparing for NIS2 represents a transformation challenge – and opportunity – that will be as much about people as it is technology.

Successful transformation takes partnership.

The spirit behind NIS2 speaks to a simple truth: we can’t as a region address cybersecurity if we don’t work together. Collaboration across public and private sector organizations will be key. In addition, businesses will need trusted partners. Just as they would with any major transformation effort – as was the case with GDPR.

At Microsoft, the safety and security of our customers is our top priority. It’s why every product and service we create is “secure by design.” And behind our technology, we have a world-class team of cybersecurity professionals. Using AI, our teams can analyze trillions of pieces of cybersecurity data everyday – helping keep our customers safe and their businesses resilient.

We have a range of cybersecurity solutions that can help organizations with their NIS2 transformation journeys. With employee trainings, risk assessments, threat monitoring and incident alerts, we are committed to working with our customers to find the right tools and processes to prepare their businesses for NIS2 and beyond.

The bottom-line: Shoring up EU’s cybersecurity readiness is so much more than a compliance exercise. It’s an opportunity to build trust with your customers and maintain a competitive edge.

For more information on how Microsoft can help you get ready for NIS2 see Preparing for NIS2: More than a compliance exercise: an opportunity to future proof your organization.