NIS2 seen as a channel opportunity

The arrival of the EU’s NIS2 cyber security directive should be a chance for the channel to encourage some user spending, but they need to get on top of the compliance regulations before making a pitch.

The directive, which was updated last year and will come into force later in October, is driving better security practices and will cover businesses selling into verticals including entities, finance, health and government.

According to research from channel player Westcon-Comstor, a large number of partners view the directive as an opportunity to help guide customers through the requirements. But many are not yet up to speed on NIS2.

Although NIS2 is an EU directive, there are echoes of the approach the channel had to take over GDPR, informing customers that sell across Europe to prepare for the requirements. A third of those partners surveyed by the distie said that most of the users they spoke to operating outside the European Union were unaware of what was coming later this year.

Tapping into the directive’s need for businesses and organisations to take a zero-trust approach to security was seen by many in the channel as a revenue opportunity.

The distie found that 74% of the partners it quizzed believe that NIS2 will help them drive product sales, and half were looking at opportunities around education and enablement.

But that education is not just a user issue, with a paltry 5% of those quizzed feeling confident enough to describe their understanding and awareness of the directive as ‘good’.

“Our survey shows clearly that partners are keen to help their customers navigate NIS2 and achieve readiness ahead of its implementation later this year,” said Daniel Hurel, vice-president of cyber security and next-gen solutions, EMEA, at Westcon-Comstor.

“From education and enablement to managed services, partners have an opportunity to add value by serving as a trusted adviser to their customers and demonstrating expertise. First, however, partners are quite rightly seeking to build their own understanding so they can seize the NIS2 opportunity equipped with the information they need,” he added.

Others in the channel have also noted the growing opportunity for managed service providers that can offer customers compliance management options.

Fred Voccola, CEO of Kaseya, said that compliance was one of the areas of concern for SME customers, and the firm had seen growth on that side of the business as MSPs were being tasked with ensuring users were on the right side of regulations.

“The requirements of compliance are coming down more and more into the SME sector, and MSPs are the natural organisations to get paid money to deliver compliance management,” he said.

“Governments and non-government commercial entities are starting to require various compliance standards, and we’re starting to see a little bit of regulation coming in, and a little bit of business-to-business regulation.

“That’s going to increase, and small businesses and mid-size businesses don’t have the staff, so MSPs – in addition to delivering the IT and security – are going to deliver the compliance reporting and standard appropriations,” he added.