NIS2 and DORA: The Impact on Resource Constraints and Skills Gaps
Compliance with NIS2: A Significant Challenge
Compliance with NIS2, which entered into force in October 2024, has had a significant impact on resource constraints and skills gaps, according to a survey conducted by software company Veeam. The survey found that 95% of NIS2-impacted companies had to divert funds from other business areas to cover the costs of NIS2 compliance.
The Scope of DORA: A New Level of Regulatory Control
DORA's scope includes entities that may be new to this level of regulatory control, said Andrew Rose, CSO at SoSafe.
Entities within the Scope of DORA
“Unregulated entities, such as credit rating agencies and certain types of exempt lending, factoring, and mini-bonds, and those associated with new financial models, such as crypto exchanges and peer-to-peer lending platforms, fall into the scope of DORA,” Rose pointed out.
The Impact of DORA on Unregulated Entities
For these entities, the requirements of DORA may mandate a new level of control, together with formalized oversight, requiring spending on both solutions and staffing.
The Challenges of Compliance
The challenges of compliance with NIS2 and DORA are significant, and companies must be prepared to invest time and resources to ensure compliance.
Resource Constraints
The survey conducted by Veeam found that 95% of NIS2-impacted companies had to divert funds from other business areas to cover the costs of NIS2 compliance. This highlights the budget and personnel constraints that companies face.
Skills Gaps
The survey also found that 75% of NIS2-impacted companies reported a gap in the expertise required to implement NIS2 compliance. This highlights the need for companies to invest in training and development so that they have the skills to comply with the regulations.
Conclusion
In conclusion, compliance with NIS2 and DORA is a significant challenge for companies, requiring investment in both resources and personnel. Companies must be prepared to spend time and money on compliance, and on the training and development needed to build the necessary skills and expertise.
FAQs
Q: What is NIS2?
A: NIS2 is a European Union regulation that requires companies to implement certain security measures to protect against cyber threats.
Q: What is DORA?
A: DORA is a European Union regulation that requires companies to implement certain security measures to protect against cyber threats, and also requires companies to report certain security incidents to the relevant authorities.
Q: What are the penalties for non-compliance with NIS2 and DORA?
A: Penalties for non-compliance with NIS2 and DORA include fines and other sanctions, which can be significant. Companies that fail to comply with the regulations may also face reputational damage and loss of customer trust.
Q: How can companies ensure compliance with NIS2 and DORA?
A: Companies can ensure compliance with NIS2 and DORA by implementing the necessary security measures, such as encryption and firewalls, and by reporting certain security incidents to the relevant authorities. Companies should also invest in training and development to ensure that they have the necessary skills and expertise to comply with the regulations.