---

Reporting window narrows for cyber breaches

Four in ten (38%) firms believe their organisation will not be prepared for NIS2, the EU-wide legislation on cybersecurity  compliance, a survey of 160 professionals by Mason Hayes & Curran has revealed.

The deadline by which the Government must transpose NIS2 into Irish law is 17 October.

The same number have not yet updated their cybersecurity polices, leaving many organisations potentially exposed under the EU’s new regulatory regime.

More than two-thirds (67%) say complexity is their biggest concern about NIS2 implementation.

NIS2, which builds on the existing Network and Information Security (NIS) directive, dramatically broadens the scope of regulated sectors and introduces tougher cybersecurity standards across the EU.

With Ireland playing a central role in enforcement, the financial and reputational consequences for non-compliance could be severe.

Julie Austin (MHC privacy and data security partner), commented: " With the deadline for transposition just days away, the clock is ticking for businesses across Ireland.

“NIS2 is not just about adding more compliance checklists – it demands a complete overhaul of how organisations approach cybersecurity. The new directive puts leadership accountability at its core.”

Complexity

Michael Madden of MHC said: "While the complexity of NIS2 is daunting, it presents an opportunity for Irish businesses to lead by example in cybersecurity best practices, potentially influencing the broader European landscape.

“As a hub for digital services, Ireland's approach to NIS2 will be closely watched.”

The survey also highlighted that a quarter of businesses (25%) are not confident in their ability to meet their new reporting requirements under NIS2. The new directive mandates that incidents are detected and reported within 24 to 72 hours.

Austin added: “The new window for reporting incidents is extremely tight, and failure to comply could result in severe penalties."