The NIS Investments 2025 report published by ENISA analyses cybersecurity investments across 1,080 European organisations operating in sectors covered by NIS2.
While the report is focused on cybersecurity, it highlights a broader operational reality: the key challenges identified rely on environments where physical and logical dimensions need to be tightly integrated.
The 7 key takeaways from the report
- Investments are shifting toward technologies and services
Organisations are compensating for limited internal resources by increasing their use of tools and outsourcing. - The talent shortage remains a major constraint
76% of organisations report difficulties recruiting qualified profiles. - Compliance is the main driver of investments
70% of organisations prioritise investments to meet regulatory requirements. - NIS2 implementation remains complex
50% cite vulnerability management as the main challenge, followed by business continuity (49%), supply chain (37%) and access management (21%). - Vulnerabilities remain a major attack vector
Nearly 20% of intrusions are linked to their exploitation, and remediation timelines remain high. - Supply chain is becoming a central issue
37% of organisations find it difficult to manage, while 47% consider it a priority threat. - Threats are diversifying and combining
Ransomware (55%), supply chain (47%), phishing (35%) and insider threats (22%) structure current priorities.
A growing convergence between physical and cybersecurity
Beyond these findings, the report highlights a structural shift: investments are no longer limited to regulatory and technical objectives, but also aim to address operational challenges.
Cybersecurity implementation directly depends on the ability to control physical environments, including:
- Access management
- Traceability of actions
- Control of external stakeholders
- Mitigation of insider threats
The link between physical security and cybersecurity, reinforced by NIS2, is no longer theoretical. It is now reflected in organisations’ investment priorities.
In this context, SPAC Alliance services provide actionable and recognised solutions, delivered by experts in the convergence of physical security and cybersecurity. Feel free to explore our catalogue.
