Nozomi Networks, a leader in OT and IoT security, has released the results of a new study highlighting an immediate need for EU critical infrastructure organisations to revise their operational technology (OT) security and risk management priorities to meet NIS2 compliance.
The report, Driving cyber resilience: the impact of the NIS2 Directive, found that the legislation appears to be a substantial challenge for most critical infrastructure organisations. Many still do not have visibility of all assets and networks to ensure full compliance and effective cyber protection.
With the Network and Information Security Directive (NIS2) to be incorporated in national laws by September 2024, EU critical infrastructure companies need to focus on risk management beyond IT to include OT. This makes it crucial for them to have greater visibility of all assets and networks, which requires regular risk analysis of operational networks.
The study among 300 IT security decision-makers in large organisations across Germany, France, Sweden and the Netherlands, was conducted by Vanson Bourne and found that for critical information systems, only 50% of organisations follow a schedule in terms of conducting and updating a risk analysis. Thirty-four percent do so on an ad hoc basis and 15% of companies across Europe do not currently conduct any risk analysis at all, with an even higher number in France (29%) and Sweden (22%).
Click below to share this article