In a nutshell: Around 30,000 German companies must upgrade their cybersecurity according to NIS2 requirements and train their boards in IT security.
With the implementation of the NIS2 Directive, approximately 30,000 companies in Germany must increase their cybersecurity standards and train their boards accordingly. The requirements particularly affect critical infrastructures and important services.
The NIS2 Directive obligates companies classified as critical or important infrastructures to implement enhanced cybersecurity measures. Approximately 30,000 organizations in Germany fall under this definition and must upgrade their systems by a specified deadline.
For CISOs, this means in concrete terms that network segmentation, multi-factor authentication, incident response plans and regular security tests become minimum requirements. A key aspect of the directive is the obligation to train boards and management in cybersecurity fundamentals, which deliberately shifts responsibility to the highest management level.
Companies face considerable pressure to act. Typical first steps are a company-wide inventory of existing measures, identification of gaps, budget planning for the necessary investments and building up security personnel. In addition, all measures must be better documented and more readily demonstrable to meet regulatory requirements.
Source: news.google.com · Published May 30, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.2.