ENISA issued its first NIS360 report assessing the Cybersecurity maturity companies in sectors of high criticality under the NIS2 Directive.

In an era of increasing cyber threats, the NIS2 Directive raises the bar for cybersecurity across critical sectors. ENISA’s recent NIS360 report provides a first-ever EU-wide snapshot of how prepared we really are.

Last month, ENISA issued its first NIS360 report assessing the Cybersecurity maturity companies in sectors of high criticality under the NIS2 Directive.

Key findings:

• Electricity, telecoms, and banking sectors stand out above the rest in terms of overall maturity.
• ICT service management, space, public administrations, maritime, health and gas are in the ‘risk zone’. These sectors need extra attention to ensure their maturity gaps are addressed.
• The public administrations sector is still in the early days of developing its cybersecurity maturity, lacking the support and experience.
• The health sector continues to face challenges such as the reliance on complex supply chains, legacy systems, and poorly secured medical devices.
• Surprisingly, the ICT service management sector is assessed at moderate maturity, notably lower than the rest of the digital-by-default sectors. With regards to cybersecurity maturity, there is a noticeable gap between entities’ perceptions (rating themselves 7/10) and authorities’ assessments (1/10).
• Between 60 and 80% of the companies assessed have supply chain risk management policies.   
   

For many, there are limited guidelines for effectively managing these risks, and risk assessment efforts are often inconsistent across sectors.