Skip to content
Arch World Review Spain · Europe · Business · Technology 14 July 2026
Business

Cybersecurity is no longer an IT problem as NIS2 makes it a business responsibility

Digital protection requires risk management, operational continuity, supplier control and decisions owned by company leadership.

By AWR Editorial Desk 14 July 2026 1 min
International cybersecurity operations centre during an official visit

The NIS2 Directive establishes a common cybersecurity framework across eighteen critical sectors of the European Union. Its scope confirms that network and data security cannot remain isolated inside an IT department.

INCIBE acts as Spain's reference cybersecurity institution and provides services for companies, professionals and citizens. Each organisation, however, remains responsible for its own preparation and response.

An incident must be anticipated

Backups, emergency contacts, logs, alternative systems and responsibilities need to exist before an attack. An untested plan may fail at the moment when the organisation depends on it most.

Suppliers form part of the risk

Software, storage providers, advisers and external platforms expand exposure. Contracts should define security, access, incident notification, recovery procedures and the return of company information.

Culture matters as much as technology

Passwords, updates and authentication are essential, but attacks also exploit urgency, trust and missing verification. Training should be practical, repeated and connected to the actual work performed by employees.


Editorial sources

Photograph: DHS Secretary Alejandro Mayorkas Visits EcuCERT National Cybersecurity Center (52553531706).jpg · DHSgov · Public domain · Wikimedia Commons