Susan Walsh

Only 13 per cent of attendees at a William Fry seminar on NIS2 said they were very confident in their vendors’ and suppliers’ cybersecurity practices.

The event, “Navigating NIS2: Requirements, Best Practices and Practical Insights”, highlighted the latest trends and challenges in the cybersecurity landscape and provided a platform for industry experts to share insights and best practices for compliance with the new directive.

Key trends under discussion included cyber incidents in Ireland, supply chain attacks and emerging technologies including AI and machine learning.

Chaired by Susan Waslsh, consultant in William Fry’s technology department, the seminar featured a panel of cybersecurity experts including William Fry partner Rachel Hayes, Microsoft cloud security technical specialist David Keddy, and the National Cyber Security Centre of Ireland’s director of resilience, Joseph Stevens.

A series of polls over the course of the seminar found that:

• 28 per cent of those polled believed their organisation’s board is very actively involved in cybersecurity and NIS2 compliance;
• 60 per cent of those surveyed said their organisation had a fully implemented cybersecurity governance framework in place;
• 24 per cent of respondents’ organisations provide monthly cybersecurity risk assessments, while 36 per cent conduct risk assessments quarterly and 20 per cent only providing risk assessments after an incident occurs; and
• 26 per cent of respondents reported their IT/cybersecurity teams lead their NIS2 compliance program, while 44 per cent are led by legal/compliance teams.

Ms Walsh said: “The NIS2 Directive represents a significant step forward in harmonising cybersecurity measures across the EU.

“It is crucial for organisations to understand their responsibilities and take proactive steps to enhance their cybersecurity posture.”

Mr Stevens noted: “The NIS2 Directive represents a significant shift in our national approach to cybersecurity, demanding a higher level of resilience across critical sectors. While it introduces new obligations, organisations shouldn’t feel overwhelmed.

“The NCSC is committed to providing comprehensive guidance and resources to help businesses navigate these changes effectively. I encourage all affected entities to begin their preparations now, utilising the available supports on nis2.gov.ie to ensure they are ready to meet their obligations.”

Mr Keddy added: “NIS2 is a significant step forward in enhancing the resilience of the services people rely on in their daily lives… a secondary effect is that the steps needed to prepare for NIS2 are the same steps needed to deliver on the AI promise over the coming years.”