In brief: Fewer than 40% of companies have met NIS2 requirements so far; the rest require immediate planning and prioritization of implementation.
A survey shows that only about two-fifths of companies already meet the requirements of the NIS2 Directive. For CISOs, this means that the majority still faces significant implementation work ahead.
According to current data, 38.5% of surveyed companies currently meet the obligations of the NIS2 Directive. This rate indicates that the majority of organizations are lagging behind in the implementation of the new security standards.
The NIS2 Directive obligates companies in critical infrastructure sectors as well as large digital service providers to implement enhanced cybersecurity measures. These include governance structures, incident management, supply chain security and regular security reviews. The deadline for national implementation in many EU member states is in 2024 or early 2025.
These figures send a clear signal to action for CISOs and security officers: where technical and organizational maturity is still insufficient, priority measures are required in the coming months to close compliance gaps and avoid fines. Often, delays are less due to technical factors than to organizational and governance issues such as the designation of responsible parties, documentation, or awareness-raising in business units.
Source: news.google.com · Published June 14, 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.