
NIS2 Directive: Nearly Half of Companies Underestimate Compliance Requirements

Bottom line: Nearly half of companies underestimate the actual effort required to implement NIS2 compliance.

An analysis shows that 48 percent of companies underestimate the requirements of the NIS2 Directive. This indicates a widespread gap between planned and actually required measures.

According to a recent survey, 48 percent of surveyed companies report underestimating the compliance requirements of the NIS2 Directive. This reveals a critical misjudgment of regulatory effort that can quickly become problematic in practical implementation.

For CISOs, this miscalculation has immediate consequences: the regulatory minimum security standards, incident response requirements, and documentation obligations are precise and will be verified by national authorities. Organizations that underestimate the necessary investments, resources, or implementation timelines risk having deviations identified during audits and inspections, or even facing sanctions.

The figure suggests that many organizations have not yet fully grasped the depth of the organizational changes, the technical control measures, and the complexity of the compliance documentation that are required. Realistic risk analysis and resource planning are therefore necessary to align the actual implementation status with regulatory requirements.


Source: news.google.com · Published June 24, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.
