NIS2 compliance takes its toll

Veeam survey highlights the extent to which NIS2 has diverted investment from other business priorities

On October 18, the Network and Information Security Directive 2022/2555 (NIS2) came into force, introducing new cybersecurity compliance requirements for EU businesses (and those doing business with them), such as defining incident response plans, securing supply chains, assessing vulnerabilities and evaluating overall security levels, including for affiliated organisations, partners and supply chains.

NIS2 has already had a significant impact on businesses in the EU, with 95% of organisations diverting budget from elsewhere in the business to cover compliance costs, according to a new survey by Veeam Software. Even so, 66% of the 500‑plus EMEA IT decision-makers surveyed by Censuswide were expecting to miss the compliance deadline for a variety of reasons including technical debt (24%), lack of leadership understanding (23%) and insufficient budget/investments (21%).

This suggests NIS2 is likely to continue to skew IT investment priorities for months to come. Veeam analysis highlights two areas where it has already had a big impact:

1 IT Budgets. While more than two thirds (68%) of IT leaders have managed to secure additional budget for NIS2 compliance, 20% cite lack of budget as a significant barrier to achieving compliance – hardly surprising considering 40% of respondents have seen a reduction in IT budgets and a further 20% have seen no change since the political agreement for NIS2 in January 2023.

To secure the budget needed for compliance, 95% of organisations have diverted funds from elsewhere in the business, including risk management (cited by 34%), recruitment (30%), crisis management (29%) and emergency reserves (25%).

Veeam Field CTO EMEA Edwin Weijdema points out that while the emphasis on corporate accountability and stringent penalties for non-compliance may help business leaders secure extra funds, it comes at a price.

“As most IT budgets are either being cut or remaining stagnant – effectively shrinking due to rising business costs and inflation – NIS2 is pulling from an already limited pool. It’s particularly concerning to see funds being redirected from recruitment and emergency reserves. NIS2 shouldn’t be treated as a crisis, yet one in four businesses appears to view it that way,” he said.

2 Business challenges. Veeam warns that the reallocation of funds is amplifying existing challenges that rank higher on IT leaders’ list of priorities, such as the skills gap (24%), profitability concerns (23%), digital transformation (23%), the rising cost of doing business (20%) and a lack of resources (20%).

This list of challenges highlights human and financial resources as key limiting factors for business leaders, yet the steps businesses are taking to achieve NIS2 compliance make big demands on both. These include conducting IT audits (29%), reviewing cybersecurity processes and best practices (29%), developing new policies and procedures (28%), investing in new technology (28%) and increasing budget for cybersecurity (28%). The primary ‘enablers’ of NIS2 compliance – new technology solutions (27%), IT audits (25%) and internal organisational skills (25%) – also require valuable budget and expertise.

The combination of static or falling IT budgets and the allocation of additional funds for NIS2 compliance means that in companies required to comply with NIS2, 80% of EMEA IT budgets are now allocated to cybersecurity and compliance. This leaves little room to address IT leaders’ top challenges, such as the skills gap, profitability and digital transformation. Even though NIS2 compliance is tenth on leaders’ list of priorities, 30% of survey respondents say they have dipped into recruitment budgets to support NIS2 compliance efforts.

Andre Troskie, Field CISO EMEA at Veeam, said: “Maintaining security and compliance is vital for any organisation, but the fact that it currently consumes most of the IT budget highlights how underprepared and under-resourced organisations are. IT leaders have limited budgets, yet still need to find the resources to meet NIS2 requirements quickly. Those who adopt a holistic approach to security and best practices before legislation mandates them to do so will naturally face less pressure, allowing them to better address other key priorities and challenges.”

What NIS2 means for UK businesses

Although NIS2 does not affect UK companies directly, any that do business with EU entities must comply with the directive. Even those that don’t will need to comply with the UK Government’s upcoming Cyber Security and Resilience Bill due to be introduced to Parliament in 2025.

Veeam argues that as the only country surveyed to report an increase in IT budgets since January 2023, with 62% of UK-based IT decision-makers reporting a budget hike and just 14% seeing a decrease, UK businesses have been able to invest more heavily in improving their security posture.