Author: Sofia Martinez Gomez, Cybersecurity Expert, AlixPartners

Earlier this year, Huawei organised the Cyber Security Forum at its Brussels-based Cyber Security Transparency Center, where I had the opportunity to explore the evolving landscape of cybersecurity regulation—specifically the NIS2 Directive—and share what it really means for organizations today.

What stood out in our discussion is that many of the hurdles companies encounter—fragmented governance, unclear risk ownership, limited resources—are not new, and they are not unique to NIS2. What NIS2 does is bring these issues into sharper focus, offering a strategic inflection point for organizations to rethink how they govern risk, align cybersecurity with business priorities, and build trust in an increasingly interconnected digital world.

Here are some key reflections from the session:

  • Cybersecurity as strategy: NIS2 is not just a technical mandate—it is a call for executive alignment, clear risk ownership, and budget prioritization. Without cross-functional agreement on risk, there is no alignment on mitigation.
  • The power of integration: Rather than building new frameworks from scratch, organizations should embed NIS2 into existing governance structures. This reduces overhead, increases adoption and distributes the workload.
  • Supply chain as a new frontline: With third-party risk now a top concern, NIS2 pushes organizations to assess, monitor, and contractually manage vendor security. Encouragingly, sectors like Swiss banking and U.S. medical devices are already showing how collaboration and standardization can make this scalable.
  • Evidence over assumptions: Controls are only as good as the evidence behind them. Testing, monitoring, and continuous improvement are essential—not just for compliance, but for resilience.
  • Collective resilience: No organization can tackle these challenges alone. Whether it’s through shared supplier assessments, threat intelligence forums, or harmonized standards, collaboration is the only sustainable path forward.

NIS2 is not just a regulatory hurdle; it is an opportunity to rethink how we manage cyber risk across the enterprise in a way that actually creates value. It is also a chance to break silos, elevate cybersecurity to the boardroom, and build a more resilient digital ecosystem together.