Board members whose companies fail to meet new EU cybersecurity requirements face fines and potential disqualification, Ireland’s national domain registry has warned.
New research has revealed that 45pc of Ireland’s most essential and important entities are not prepared for Network and Information Security Directive (NIS2) implementation.
Failure to comply with NIS2, which is due to be signed into Irish legislation by July, will mean a fine and potential disqualifications, in addition to reputational damage.
Under the directive, up to 5,000 essential entities in Ireland must take measures to manage risks to their online systems and to prevent or minimise the impact of incidents on recipients of their services.
Board members will be accountable for non-compliance and companies will be required to notify significant cyber incidents within 24 hours.
“Ignorance is not an excuse – we urge organisations to start to take cyber risk as seriously as they do economic risk, the entire way along their supply chain,” said Louise McKeown, Chief Growth Officer at .IE.
NIS2 aims to strengthen the culture of cybersecurity across sectors that are vital for our economy and society and that rely heavily on information and communications technology (ICT).
These include energy, transport, water, banking, healthcare and digital infrastructure sectors.
The domain registry commissioned Amárach to survey 354 Irish business decision-makers in essential and important entities and 47pc of organisations said they had not fully mapped their supply chain for critical services.
This highlights the need for thousands of further third-party suppliers to ensure that they are prepared for NIS2 compliance.
The survey found that 17pc of Ireland’s key organisations experienced a significant cyber-attack since 2024.
With almost half of firms unprepared for NIS2 implementation, failure to comprehensively assess potential risks within their systems will fall back on individuals sitting on boards of management, .IE said.
“As well as fines for your company, Ireland is small and the reputational damage that will go along with non-compliance could have a long-lasting, negative impact,” said McKeown.
“If you aren’t sure where to start, visit DigitalTrust.IE to ascertain your current level of digital vulnerability across your website, email and domain.
“Once you apply, your setup is assessed using a proprietary scoring evaluation that checks against industry-defined best practice.”
Ireland’s first Digital Trust Mark, created by .IE, has been described as an NCT for firms’ online identity.
Applicants receive a grade by the next working day and if an A-rating is achieved, businesses can display the mark for the following 12 months.
Domains that do not reach an A-rating will be given a detailed outline and recommended actions.