CIOs and CISOs take on NIS2: Key challenges, security opportunities
Antolini himself highlights that AMA’s cybersecurity budget had to increase in order to adapt to the NIS2 requirements.
“We had to make a lot of investments, for example to strengthen the systems and to have the right number of people to manage them and follow the procedures”, says AMA’s CISO. “NIS2, in fact, requires reporting within a specific time frame and this speed requires people in charge. Then there is the control part of the supply chain, often a vehicle for incidents, and this impacts not only the CIO and the CISO but also the tender offices, purchasing, and so on. Even the verification of the requirements and the monitoring of third parties require work, or rather people.”
The expense, therefore, is undeniable and increases along with the size of the company. Furthermore, it includes both initial investments to achieve compliance and recurring costs to maintain it. Experts say the cost is on the order of €100,000 to €500,000, reaching up to €1 million for larger companies. And that excludes normal IT security costs.