In an increasingly hostile cybersecurity landscape, organizations cannot afford to let their guard down against cyber attacks. The year 2024 presents an unprecedented threat, with a significant increase in the number of cyber attacks that has placed Spain eighth among the most attacked countries globally. Faced with this growing pressure, companies must implement much stricter security measures, including better risk assessment and management. In response to this context, the European Union has reviewed and updated the NIS2 Directive (Network and Information Systems Security Directive) of 2016.

The new regulations, which must be incorporated into the national legislation of the Member States before October 17, seek to strengthen the capacity to respond to cyber incidents in an environment made increasingly complex by the growing number of threats. Companies face the challenge of adapting to a scenario where attacks become more sophisticated and dangerous year after year.

It is estimated that more than 2,000 companies in Spain, in critical sectors such as energy, transportation, health and finance, will have to adopt a series of measures to better manage cyber risks. These measures include improving incident reporting processes, being prepared to collaborate more actively with other actors in the sector and with authorities, and encouraging greater coordination between the public and private sectors. All of this aims to articulate a more effective response to possible cyber attacks.

Iván Bermejo, head of the defensive security team at Innovery by Neverhack Spain, highlights the importance of companies understanding the details of the directive and adequately preparing to integrate it. “Our challenge is to help companies design a roadmap that allows them to adapt to these regulations effectively,” he comments.

New NIS2 directive

For Bermejo, compliance with NIS2 goes beyond updating technological systems. The main challenges lie in the human factor and supply chain management:

  • Awareness and training. Although current technology is well equipped to face cyber attacks, the real vulnerable point remains the human factor. The majority of cybersecurity incidents, between 75% and 95%, are the result of human error. Therefore, training employees in cyber resilience and making them a central part of the security strategy is essential to minimize risks.
  • Supply chain management. NIS2 introduces a change in the way companies must interact with their suppliers. Organizations are now required to evaluate their suppliers and ensure that their interactions are properly protected. This involves, among other things, providing segregated VPN access and applying strict security measures to external communications. Companies that cannot adapt to these new requirements will have to reconsider their relationships with third parties in order to comply with the regulations.

Sanctions for not complying with regulations can reach up to 10 million euros for companies in critical sectors. However, beyond the economic sanctions, the reputational impact and loss of trust from customers and partners can be devastating. Therefore, it is crucial that companies develop clear strategies to align with the requirements of NIS2 and thus protect their technological systems in the long term.