Four in 10 Irish businesses not ready for new EU cyber rules
Four in ten Irish businesses (38%) will not be prepared for NIS2 compliance by 17 October, the date the Government must transpose NIS2 into Irish law, a survey of 160 professionals by Mason Hayes & Curran has revealed. The same number have not yet updated their cybersecurity polices, leaving many organisations potentially exposed under the EU’s new regulatory regime.
NIS2, which builds on the existing Network and Information Security (NIS) directive, dramatically broadens the scope of regulated sectors and introduces tougher cybersecurity standards across the EU. With Ireland playing a central role in enforcement, the financial and reputational consequences for non-compliance could be severe.
Julie Austin, privacy & data security partner at Mason Hayes & Curran (pictured), said: ” With the deadline for transposition just days away, the clock is ticking for businesses across Ireland. NIS2 is not just about adding more compliance checklists – it demands a complete overhaul of how organisations approach cybersecurity. The new directive puts leadership accountability at its core. We are working intensively with clients to review policies, update governance structures, and ensure senior leadership is fully engaged.”
Complexity emerged as the primary concern for implementing NIS2, with more than two-thirds (67%) of respondents highlighting it as their biggest challenge.
Michael Madden, commercial partner at Mason Hayes & Curran, said: ” While the complexity of NIS2 is daunting, it presents an opportunity for Irish businesses to lead by example in cybersecurity best practices, potentially influencing the broader European landscape. As a hub for digital services, Ireland’s approach to NIS2 will be closely watched.
“By embracing a proactive, risk-based approach, companies can not only achieve compliance but also gain a competitive edge. The key is to view NIS2 not as a regulatory burden, but as a catalyst for building a stronger, more secure business.”
The survey also highlighted that a quarter of businesses (25%) are not confident in their ability to meet their new reporting requirements under NIS2. The new directive mandates that incidents are detected and reported within 24 to 72 hours.
Austin added: “The new window for reporting incidents is extremely tight, and failure to comply could result in severe penalties. We are helping clients to significantly streamline their reporting processes to ensure they can act swiftly and mitigate the risk of costly sanctions.”
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers