Tue. Feb 27th, 2024

Content Assessment: EU Cybersecurity Investment Trends: Insights from the NIS Investments Report 2023

Information - 92%
Insight - 93%
Relevance - 91%
Objectivity - 94%
Authority - 95%



A short percentage-based assessment of the qualitative benefit expressed as a percentage of positive reception of the recent release by the European Union Agency for Cybersecurity (ENISA) of the NIS Investments Report 2023.

Editor’s Note: The “NIS Investments Report 2023,” released by the European Union Agency for Cybersecurity (ENISA), provides a vital analysis of cybersecurity investment trends within the EU, with a special focus on vulnerability management in the context of Network and Information Systems (NIS). This report is an essential resource for understanding the current investment landscape, challenges, and strategic priorities facing Operators of Essential Services (OES) and Digital Service Providers (DSP) under the NIS Directive. In this article, we explore the key findings of the “NIS Investments Report 2023,” shedding light on the nuanced investment patterns, staffing challenges, and the critical need for effective vulnerability management strategies. Additionally, the broader EU cybersecurity policy context, including the NIS2 Directive and proposed regulations like the Cyber Resilience Act (CRA) and Cyber Solidarity Act (CSoA), is examined. For legal tech professionals, this report offers crucial insights into evolving cybersecurity priorities and their implications for regulatory compliance and risk management.

Industry Article

EU Cybersecurity Investment Trends: Insights from the NIS Investments Report 2023

ComplexDiscovery Staff

The “NIS Investments Report 2023,” a comprehensive study conducted by the European Union Agency for Cybersecurity (ENISA), has recently been released, casting a critical eye on the investment landscape in cybersecurity within the EU, specifically in the realm of Network and Information Systems (NIS). This report is significant in its analysis of the investment trends and operational challenges faced by Operators of Essential Services (OES) and Digital Service Providers (DSP) as per the NIS Directive.

In the face of a 25% increase in the costs associated with major cyber incidents in 2022 compared to 2021, the “NIS Investments Report 2023” uncovers a slight uptick of 0.4% in IT budgets dedicated to cybersecurity. This increment, albeit modest, is significant in the context of the increasing complexity and frequency of cyber threats.

A noteworthy trend highlighted in the report is the reluctance of organizations to expand their information security workforce. It’s concerning that 47% of organizations surveyed indicate no intention to hire additional Full Time Equivalents (FTEs) in the information security domain in the next two years. Additionally, 83% of these organizations are grappling with recruitment challenges in at least one information security area, which could critically impact their vulnerability management capabilities.

The report also brings into focus the practices in the transport sector regarding the patching of vulnerabilities. It finds that 51% of organizations in this sector take up to a month to patch critical vulnerabilities, and 21% need between one to six months. Only 28% manage to address critical vulnerabilities within a week, highlighting a significant gap in timely vulnerability management.

Juhan Lepassaar, Executive Director of ENISA, underscores the importance of allocating sufficient budgetary and human resources to cybersecurity. He emphasizes the essential role of managing vulnerabilities effectively, alongside implementing ‘secure by design’ initiatives.

The “NIS Investments Report 2023” aims to assess how cybersecurity investments align with the objectives of the NIS Directive. The report’s data, collected from 1,080 OES and DSP across all 27 EU Member States, particularly focuses on the fiscal year 2022. In line with 2023 being the European Year of Skills, the report also places a special emphasis on cybersecurity skills among OES and DSPs, delving into staffing, hiring challenges, and gender balance in IT security roles, especially within the transport sector.

Key findings from the report include:

  • An increase in the IT budget dedicated to cybersecurity to 7.1% in 2022.
  • A 30% increase in cyber insurance adoption among OES/DSPs, reaching 42% in 2022, yet only 13% of SMEs have subscribed to such insurance.
  • A marginal decrease in the percentage of IT FTEs dedicated to information security.
  • Alarmingly low gender diversity in information security roles, with most organizations employing no women in these positions.

The report also notes that the NIS Directive serves as a primary driver for cybersecurity investments, especially within the transport sector. Additionally, it points out that 51% of transport organizations manage Operational Technology (OT) security with the same team responsible for IT cybersecurity, a fact that presents unique challenges and opportunities for integrated security approaches.

Vulnerability management, as defined in the report, involves the process of identifying, assessing, and mitigating security vulnerabilities. The “NIS Investments Report 2023” highlights the need for improved interoperability, automation, and streamlined processes to enhance vulnerability disclosure and management.

Additionally, the report discusses the establishment of an EU vulnerability database and coordinated vulnerability disclosure mechanisms under the NIS2 Directive. These initiatives are pivotal in creating a mature vulnerability disclosure ecosystem within the EU and enhancing the overall cybersecurity landscape.

The “NIS Investments Report 2023” offers critical insights into the current state and challenges of cybersecurity investment in the EU, providing a valuable resource for professionals in the legal tech ecosystem.

Article Sources

Assisted by GAI and LLM Technologies

Additional Reading

Source: ComplexDiscovery


Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.


Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.