In a nutshell: Regulatory pressure from NIS2 and the volume-dependent costs of commercial SIEM systems are driving mid-market companies to weigh open source against proprietary solutions.
The implementation of NIS2 in Germany and Austria, together with increased cyber insurance requirements, obliges mid-market companies to maintain continuous security monitoring. Decision-makers must weigh cost-effective open source platforms such as Wazuh against established SIEM products.
Regulatory requirements for IT security in the DACH region have fundamentally tightened. The NIS2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG) came into force in Germany on 6 December 2025, obligating an estimated 30,000 to 40,000 companies to report significant security incidents to the Federal Office for Information Security (BSI) within 24 hours. Austria has anchored comparable requirements with the Network and Information Systems Security Act 2026 (NISG 2026) effective 1 October 2026 for approximately 4,000 to 5,000 entities. Switzerland has regulated reporting obligations since 1 April 2025 through Article 74a of the Information Security Act for operators of critical infrastructure.
The global SIEM market reflects this pressure: the market volume stood at approximately 12.56 billion US dollars in 2024 and is expected to grow to 31.45 billion US dollars by 2032, corresponding to an average annual growth rate of 12.1 percent. Mid-market companies now have a concrete decision to make. Regulatory compliance requirements make security monitoring a prerequisite, while cyber insurers increasingly demand evidence of continuous monitoring as a condition of coverage. A central cost problem is that commercial SIEM products use volume-dependent pricing models in which costs rise in proportion to log volume. What appears manageable in a pilot phase becomes a substantial budget item in production.
Wazuh has been the most widely used open source security platform globally since 2015 and originated as a fork of the host-based intrusion detection system OSSEC. The platform covers the central SIEM functions: centralized log management and data aggregation from heterogeneous sources, real-time detection and alerting on security-relevant events, event correlation across multiple systems, and compliance reporting for NIS2, ISO 27001, and GDPR. Commercial SIEM solutions, by contrast, offer established support structures, optimized automation, and pre-configured scenarios for compliance requirements, but come with substantial license commitments and ongoing costs.
Source: www.it-daily.net · Published 22 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.