In October 2024, the implementation of the NIS2 Directive by all Member States will mark a significant change in cybersecurity requirements for companies in Europe. At the same time, Spain has experienced an increase in the frequency and sophistication of cyberattacks.
During the first quarter of 2024, Spanish companies faced an average of 1,152 cyberattacks per week per company, a figure close to the global average of 1,308, according to Check Point Research. This constant increase in cyberattacks highlights the need to implement more robust and effective regulations to protect companies.
“Complying with NIS2 is not just a regulatory obligation, but a strategic necessity to protect businesses against the growing cyber threat landscape,” concludes Mario García, general manager of Check Point for Spain and Portugal. “At Check Point Software, we offer a unified advanced security platform to help companies comply with NIS2, including next-generation firewalls, threat prevention and management systems.”
Consequences of non-compliance with NIS2
Check Point Software Technologies warns of the specific risks that Spanish companies will face if they do not adapt to this regulation in time:
- Severe economic sanctions: Essential businesses could face fines of up to €10 million or 2% of their annual global turnover, while important entities could be fined up to €7 million or a maximum of 1.4% of their annual global turnover.
- Management responsibility: Managers must approve and oversee cybersecurity risk management strategies. Failure to comply could result in personal liability, sanctions and possible suspension from their duties.
- Damage to reputation: NIS2 requires transparent and appropriate management of security incidents. A data breach could seriously damage a company’s reputation, resulting in potential legal action by affected customers, partners or employees.
- Operational interruptions: Failure to comply with regulations leaves businesses more vulnerable to cyberattacks, which can lead to significant operational downtime. Without the incident management procedures established by NIS2, responding effectively to a breach can be difficult, prolonging downtime.
- Competitive disadvantages: NIS2 sets high cybersecurity standards, differentiating companies that meet these standards from their competitors. Companies that fail to adapt may lose competitiveness and market share.
- Complications in supply chain management: Regulations require an assessment and management of security risks throughout the supply chain. Non-compliance can lead to vulnerabilities that affect not only the company, but also its partners, increasing the risk of security incidents and their legal and economic consequences.