NIS2: Solutions and Strategies for Modern Cyber Governance

The necessity to achieve elevated levels of IT security is becoming a priority for companies that are increasingly using digital technologies and are therefore exposed to the risk of attacks on their systems. To counter this emerging phenomenon, the European Union issued Directive (EU) 2022/2555 (NIS2), published on 27 December 2022. The document contains regulations and indicates strategies that, if applied, will increase the level of cybersecurity in all member states, making it the most important of all the regulations issued. The objective of this research is to analyse what we can define as the "main challenges" that NIS2 poses to organisations in order to adapt to the requirements placed upon them, and also to highlight the consequent impact at an organisational and operational level that such compliance entails. The presentation of a case study, conducted in collaboration with KPMG S.p.A., allows for a detailed analysis of the strategies and tools that have proven to be most effective in helping organisations comply with the regulation. While aware of the limitations imposed by the complexity of the subject matter, this paper aims to provide useful support to companies by illustrating the strategies identified and the operational mechanisms to provide companies with simple and practical tools capable of guaranteeing innovative solutions. Particular attention has been paid to the methodological approach to compliance assessment and to the definition of an operational framework for IT security management. The results of the study show that compliance with NIS2 is an opportunity to strengthen business resilience. The adoption of risk management strategies, staff awareness and the use of advanced technologies emerge as key factors in addressing cyber threats in an increasingly dynamic and complex environment. Finally, the thesis aims to demonstrate how a proactive approach to compliance is capable of fostering a more solid and sustainable security environment and, over time, contributing to the construction of a more secure digital ecosystem at European level.