ENISA has released its first NIS360 Report (2024), evaluating the implementation maturity of the NIS2 Directive across Europe.
👉 Official Source — ENISA
Key Findings
The report assesses cybersecurity preparedness across critical sectors such as energy, healthcare, transportation, finance, and digital infrastructure. Results indicate that while policy frameworks have improved, operational resilience remains uneven across Member States.
-
Many organizations still lack standardized incident reporting mechanisms.
-
Smaller enterprises in critical supply chains show gaps in risk management.
-
Cross-sector coordination is limited, creating vulnerabilities in interdependent systems.
Why It Matters
For compliance providers, this report offers a clear roadmap for advising clients:
-
Ensure your cybersecurity and data protection audits address NIS2 obligations.
-
Assist clients in developing risk-based security frameworks that include supply chain resilience.
-
Recommend standardized incident reporting tools and awareness training.
The NIS360 report will serve as a benchmarking tool for regulators, enterprises, and DPOs striving for NIS2 alignment by 2025.