Only 13% of William Fry seminar attendees on NIS2 are very confident in their vendors’ and suppliers’ cybersecurity practices.

William Fry recently hosted an event ‘Navigating NIS2: Requirements, Best Practices and Practical Insights’, which highlighted the latest trends and challenges in the cybersecurity landscape and provided a platform for industry experts to share insights and best practices for compliance with the new directive.

A number of key trends were discussed:

1. Cyber Incidents in Ireland: The National Cybersecurity Centre of Ireland has reported that in 2023, of the more than 5,000 incident reports it received over 700 were confirmed as cybersecurity incidents.
2. Supply Chain Attacks: Cybercriminals are increasingly targeting supply chains to exploit vulnerabilities in third-party vendors, affecting multiple organisations through a single compromised supplier.
3. Emerging Technologies: The rise of artificial intelligence (AI) and machine learning (ML) presents both opportunities and challenges for cybersecurity.

The seminar provided an overview of the NIS2 Directive, and featured a panel of cyber security experts, chaired by Susan Walsh, Consultant in William Fry’s Technology Department and including:

• Rachel Hayes, a Partner in William Fry’s Technology Department and a leading expert in data protection and cybersecurity law.
• David Keddy, Cloud Security Technical Specialist at Microsoft.
• Joseph Stevens, Director of Resilience at the National Cyber Security Centre of Ireland.

Over the course of the seminar, attendees were asked to partake in a number of polls with the following results:

• 28% of those polled believed their organisation’s board is very actively involved in cybersecurity and NIS2 compliance
• 60% of those surveyed said their organisation had a fully implemented cybersecurity governance framework in place
• 24% of respondents’ organisations provide monthly cybersecurity risk assessments, while 36% conduct risk assessments quarterly and 20% only providing risk assessments after an incident occurs
• 26% of respondents reported their IT/Cybersecurity teams lead their NIS2 compliance program, while 44% are led by Legal/Compliance teams.

Commenting on the enactment of NIS2 Susan Walsh stated:

The NIS2 Directive represents a significant step forward in harmonising cybersecurity measures across the EU. It is crucial for organisations to understand their responsibilities and take proactive steps to enhance their cybersecurity posture.

Joseph Stevens noted that: “The NIS2 Directive represents a significant shift in our national approach to cybersecurity, demanding a higher level of resilience across critical sectors. While it introduces new obligations, organisations shouldn’t feel overwhelmed. The NCSC is committed to providing comprehensive guidance and resources to help businesses navigate these changes effectively. I encourage all affected entities to begin their preparations now, utilising the available supports on nis2.gov.ie to ensure they are ready to meet their obligations.”

David Keddy: “NIS2 is a significant step forward in enhancing the resilience of the services people rely on in their daily lives… a secondary effect is that the steps needed to prepare for NIS2 are the same steps needed to deliver on the AI promise over the coming years.”

For more information on NIS2, see William Fry’s TechReg Connect software solution. Contact Leo Moore, Rachel Hayes, Susan Walsh, or your usual William Fry contact on our expert Technology team.