ENISA's NIS Investments report reveals shifts in cybersecurity spending towards technology over personnel, with ongoing talent shortages. Compliance drives 70% of investments, improving risk management and detection, though NIS2 implementation poses challenges. Patching and cybersecurity assessments lag, particularly for SMEs. Despite improved supply chain management, reliance on third-party services increases risks. Ransomware and supply-chain attacks are primary concerns for organizations. The findings aim to inform EU cybersecurity policy and improve resilience.
