With the NIS2 regulations now in play, IT leaders in the EU are feeling the pinch. A recent Censuswide study by Veeam Software reveals a stark picture: 95% of these leaders struggle to secure enough budget for compliance, often raiding funds set aside for other important areas.
While 68% of companies did land some extra budget for NIS2 compliance, many had to take it from critical pots: 34% pulled from risk management, 30% from recruitment, 29% from crisis management, and 25% from emergency funds. Edwin Weijdema from Veeam highlights the challenge, pointing out that while the penalties associated with NIS2 may push for better funding, the reality is that IT budgets are staying the same or getting cut, thanks to inflation and rising costs. This leaves some organizations scrambling, treating NIS2 compliance like a crisis rather than a standard requirement.
Moreover, 40% of surveyed organizations have seen their IT budgets shrink since January 2023, when Brussels reached a political agreement on the directive. With 80% of EMEA IT budgets now dedicated to cybersecurity and compliance, there’s hardly any room left to tackle ongoing issues like filling tech roles and driving digital transformation. Andre Troskie from Veeam stresses that while maintaining security is essential, the heavy financial burden shows how unprepared many organizations truly are.
In contrast, UK companies seem to be ahead of the curve. Though Brexit hasn’t directly impacted their day-to-day operations, their preparedness for NIS2 stands out. Since January 2023, UK IT budgets have actually increased, allowing leaders to invest confidently in security enhancements. A notable 38% of UK respondents have reviewed their cyber processes, while 34% have invested in new security technologies—figures that surpass those in the EU.
UK leaders aren’t planning to slow down; 30% aim to conduct more process reviews, and 25% want to keep investing in security tech, compared to lower figures among their European counterparts. Dan Middleton from Veeam sees this as a positive sign for the upcoming Cyber Security and Resilience Bill. He notes that the steps UK businesses take now to boost cyber resilience will pay off when the regulation comes into effect.
It’s also worth noting that 36% of UK businesses plan to invest in upskilling their existing workforce, addressing the pressing skills gap that affects 30% of them more than any other IT challenge.