Read Time, 3 min.

New research: Getting NIS2 ready  

The European wide directive Network and Information Security 2 (NIS2) comes into effect on 17 October, with the aim of strengthening Europe’s ability to collectively defend against cyber-attacks and protect the region’s critical infrastructure. 

This new directive will impact upwards of 180,000 organizations, from healthcare and transport, to manufacturing and supply chain. Most organizations are aware of NIS2 and what it aims to achieve (as well as the costs), but research from IDC has shown that only 14% of organizations are fully ready for NIS2. The majority, at 77%, are partially there. 

 With so few organizations across the NIS2 finish line and the official deadline for compliance fast approaching, I wanted to share some of the findings from this research, and how you can move your organization’s transformation efforts forward. 

NIS2 Capable 

IDC has found that over 90% of organizations impacted by NIS2 are aware of it and have taken first steps in taking action to align with the directive. 

About one in five (17%) are categorized as IDC as being NIS2 ‘capable.’  

 Organizations at this level of readiness have a long way to go however, with the need for many to implement all necessary compliance procedures and policies. 

Let’s take incident handling as an example, which is a key requirement of NIS2. With large organizations often being the target of multiple, complex cyberattacks, the rapid co-ordination of multiple stakeholders and timely reporting of incidents is what allows for quicker response and recovery, as well as minimizing the impact on essential services and the wider economy. Having robust technical protection will clearly help but organizations also need to think through the complete response to a security incident. 

Technologies like Microsoft Defender and Microsoft Sentinel will help security teams handle incidents with a real time, comprehensive view of security issues. But the work on becoming NIS2 ready relies on an organization’s ability to create a fully robust set of compliance procedures and policies that engage the board and wider organization. This is what ensures that everyone is on board with how to respond to a security incident and how to keep the business going with a minimal impact on operations.
 

NIS2 Equipped

The next level of readiness IDC identified was NIS2 ‘equipped.’ About one-third (33%) of organizations fall into this category, and are characterized as being able to address most NIS2 requirements.  

The way to move beyond this level of readiness is to conduct a gap analysis of your security measures, and also what’s needed to meet NIS2 requirements or security standards such as ISO 27001.

Let’s consider supply chain security as an example, which is another key NIS2 requirement. When organizations enhance the security and resilience of their own organizations, cyber-criminals will look for other routes to compromise security via weaknesses in an organization’s supply chain. 

Addressing supply chain vulnerabilities is key to ensuring your own assets remain secure. Microsoft tools like Compliance Monitoring, Security Posture Management and Conditional Access Policies can help you control and manage the external access of organizational assets and customer tenants, but your security will still be dependent on your ability to identify gaps and challenges in your security posture.  

All organizations impacted by NIS2 should be in the process of identifying the challenges they have and develop action plans now.
 

Are you NIS2 ready? 

According to the IDC, organizations at the ready level for NIS2 (14%) exhibit the highest degree of preparedness for incident handling, have business continuity measures in place and deploy robust technology to ensure supply chain security and advanced encryption or cryptography. 

At Microsoft, we stand ready to help organizations of all kinds use  NIS2 as an opportunity to advance their cybersecurity posture. Our unique perspective in the security market and comprehensive suite of secure cloud-based solutions can help you identify, prevent, and mitigate against the cyberthreats we are facing today and in the future.   

Source: IDC Infobrief, Sponsored by Microsoft, NIS2 Readiness: A Guide for Organizations in Europe, #EUR252440224, July 2024 

> Read the IDC report in full 

Join us: Microsoft Discover Hour: Prepare for the new AI and regulatory landscape with Microsoft Purview

Our leading experts will show how Microsoft Purview can help you adopt AI securely, use AI to improve your data compliance, and deploy a data security program successfully. We will also share the findings of the latest IDC research on how prepared the European markets actually are for the NIS2 countdown.

Discover more related articles per industry:

Education

Finance & Insurance

Government

Healthcare

Manufacturing

Retail

  • Woman clothes shopping

    Italy’s National Chamber of Fashion turns the Milan Fashion Week into a digital event

    Fashion brands all over the world have spent the past year reimagining the industry with a more digital mindset. The disrupting effect of COVID-19 has forced them to keep their stores shut for long months, cancel their fashion shows and make their day-to-day operations much more complex than they used to be. Yet as the […]

  • female shopkeeper looking at her work tablet

    Create flexible retail supply chains that are built to last

    In a powerful storm, a tree that does not bend is likely to break. In 2020, the pandemic put storm-like forces on global supply chains – and many of them simply broke. There were shortages of many household items and commercial supplies, with many retailers forced to ration sales of some products.  This showed how […]

Discover more related articles per dossier:

Customer Stories

  • A woman undergoing a scan

    Predictive maintenance is improving quality of life for cancer patients

    With cancer affecting more than 17 million people annually, a figure set to rise dramatically in the coming years, efficient and cost-effective treatment is essential. Since deploying Microsoft Azure IoT, IBA Worldwide, a leading developer of medical equipment for cancer treatment, has been able to reduce the cost of maintenance and improve repair times for […]

Digital Transformation

  • A woman working in healthcare talking to another woman

    How Capio is using interoperability and conversational intelligence to transform healthcare

    “Our doctors and staff were running faster and faster. Like mice on a wheel trying to keep up,” recalls Niklas Sundler, Technology Innovation Director at Ramsay Santé and Capio, as he explains how COVID-19 changed the rules of healthcare delivery as it swept across Sweden in early 2020. “Everything happened so quickly,” Sundler continues. “We […]

Security & Privacy

Tips

  • Asian woman looking at a tablet

    Microsoft Cloud for Retail: Connect your customers, people, and data

    Retailers have experienced times of tremendous uncertainty. It’s time to lean into change and thrive by becoming a resilient retailer that drives sustainable profitability and growth. We work closely with our partner ecosystem to offer proven solutions that help retailers in 4 key areas to become resilient and experience sustainable success:  Maximize the value of […]