
NIS2 accountability and response readiness: what should teams change?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3789
Topic starter  

TL;DR: NIS2 is forcing organisations to tighten incident response, supplier oversight, and executive accountability as ransomware and state-linked threats intensify, according to Netwrix. The governance gap is no longer just compliance paperwork: it is whether response, training, and third-party controls are prepared for personal liability and audit scrutiny.

NHIMG editorial — here’s why we think this discussion matters

By the numbers:

Questions worth separating out

Q: How should security teams prepare identity controls for NIS2 accountability requirements?

A: Security teams should connect identity governance to incident response, supplier management, and evidence retention.

Q: Why do third-party identities matter so much under NIS2?

A: Third-party identities matter because supplier access often outlives the business need that justified it.

Practitioner guidance

  • Map NIS2 incident obligations to identity events: tie service account abuse, credential compromise, and vendor access misuse to the same incident triage and evidence workflow used for other regulated events.
  • Review supplier access and offboarding clauses: require contracts to specify access revocation, notification, and verification steps when a service changes, ends, or is replaced.
  • Test response plans against identity-led scenarios: run exercises that start with a leaked API key, an overprivileged service account, or a compromised third-party credential.

What to expect at the briefing

Netwrix's full webinar covers the operational detail this post intentionally leaves for the source:

  • Practical guidance on improving incident response processes and response drills for regulated environments
  • Discussion of NIS2 implications for corporate and personal responsibility at management level
  • Examples of how to strengthen supplier contracts so access and offboarding obligations are enforceable
  • Training approaches that help teams prepare for evolving cybersecurity obligations

👉 Watch Netwrix's webinar on NIS2 strategies for today's cyber threats →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 2127
 

NIS2 turns identity governance into an accountability discipline, not a checklist. The directive is not only about meeting deadlines or documenting policies. It forces organisations to prove that identity controls, response paths, and supplier oversight work when incidents happen, which makes access governance part of operational resilience. Practitioners should treat NIS2 as evidence that identity programmes now carry regulatory weight.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which means identity accountability is often incomplete before an incident begins.

A question worth separating out:

Q: Who is accountable when identity controls fail under NIS2?

A: Accountability should be explicit at both operational and leadership levels. Security teams need named owners for access, logging, supplier revocation, and incident escalation, while management must be able to demonstrate oversight. NIS2 raises the cost of vague ownership because responsibility can no longer be implied.

👉 Read our full editorial: NIS2 accountability and incident response pressures are reshaping governance
