Most Polish companies may still not be ready to meet the requirements of the EU NIS2 directive on cybersecurity.
Up to 60% of companies in Poland may not be prepared to meet the requirements of the EU NIS2 directive on measures for a high common level of cybersecurity within the European Union. The Newseria Biznes news agency warns that failure to meet the requirements of this act will carry high penalties.
The aim of the NIS2 regulations is to raise the level of cybersecurity of organisations in the EU. This is to be done, for example, through mandatory staff training (including management), but also through companies checking each other's security levels (e.g. those of their suppliers).
According to the plan, EU countries must implement the provisions of the directive by 17 October 2024 at the latest, but according to experts, more than half of companies may not be ready for the new regulations.
"There are several reasons for this state of affairs, and one of the main reasons is that there is still no Polish legal act that would introduce the NIS2 directive into the legal order in Poland, i.e. we are actually talking about an amendment to the Act on the National Cybersecurity System," Paweł Śmigielski, country manager of Stormshield, told the Newseria Biznes agency.
Polish companies are also struggling with a lack of cybersecurity specialists, because according to estimates, there will be a shortage of at least 10,000 such specialists in our country in 2023. Financial issues are also a problem, because companies will have to allocate some funds to prepare for the changes.
The NIS2 Directive divides organizations covered by the regulations into key and important, which also affects the amount of penalties for failure to comply with the new requirements. According to Paweł Śmigielski, key entities must expect penalties of up to EUR 10 million or 2 percent of annual turnover, and important entities – up to EUR 7 million or 1.4 million turnover.