We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


Reporting window narrows for cyber breaches
Julie Austin (MHC privacy and data security partner)

15 Oct 2024 regulation Print

Reporting window narrows for cyber breaches

Four in ten (38%) firms believe their organisation will not be prepared for NIS2, the EU-wide legislation on cybersecurity  compliance, a survey of 160 professionals by Mason Hayes & Curran has revealed.

The deadline by which the Government must transpose NIS2 into Irish law is 17 October.

The same number have not yet updated their cybersecurity polices, leaving many organisations potentially exposed under the EU’s new regulatory regime.

More than two-thirds (67%) say complexity is their biggest concern about NIS2 implementation.

NIS2, which builds on the existing Network and Information Security (NIS) directive, dramatically broadens the scope of regulated sectors and introduces tougher cybersecurity standards across the EU.

With Ireland playing a central role in enforcement, the financial and reputational consequences for non-compliance could be severe.

Julie Austin (MHC privacy and data security partner), commented: " With the deadline for transposition just days away, the clock is ticking for businesses across Ireland.

“NIS2 is not just about adding more compliance checklists – it demands a complete overhaul of how organisations approach cybersecurity. The new directive puts leadership accountability at its core.”

Complexity

Michael Madden of MHC said: "While the complexity of NIS2 is daunting, it presents an opportunity for Irish businesses to lead by example in cybersecurity best practices, potentially influencing the broader European landscape.

“As a hub for digital services, Ireland's approach to NIS2 will be closely watched.”

The survey also highlighted that a quarter of businesses (25%) are not confident in their ability to meet their new reporting requirements under NIS2. The new directive mandates that incidents are detected and reported within 24 to 72 hours.

Austin added: “The new window for reporting incidents is extremely tight, and failure to comply could result in severe penalties."

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland

Copyright © 2024 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.