NIS2 requires enterprises to implement structured cybersecurity risk management and governance; identifying the scope of application is the first step.
Security gains from passkey adoption in central IT are negated by uncontrolled shadow IT using weak passwords, presenting organizational challenges for CISOs.
Compromised developer credentials and API keys on the dark web are early indicators of impending supply chain attacks and enable proactive defense measures.
NIS2 requires executive officers to assume direct responsibility for cybersecurity governance and incident reporting, with violations potentially resulting in personal liability.
CVE-2026-35273 in Oracle PeopleSoft was leveraged to extort over 100 organisations; Google identified 68% of targets in the higher education sector with stolen data exceeding 40 GB.
Only 5% of CISOs prioritize the “Harvest Now, Decrypt Later” threat, even though quantum computing is their second-highest concern and standards for quantum-resistant encryption have been available since 2024.
NIS2 and KRITIS impose varying levels of cybersecurity obligations on healthcare facilities, depending on their size and on whether they are classified as critical infrastructure.