Due to be adopted as law by member states by October 2024, the EU Network and Information Systems (NIS2) Directive is the most important cybersecurity legislation ever enacted across member states. While the original NIS1 Directive of 2016 was viewed as a major evolution in cybersecurity regulation, a lot has changed since then, particularly assumptions about the risk posed by an expanding range of cyberattacks. At that time, cybersecurity was seen primarily as a problem faced by individual organizations. Today, cybercrime is understood to be a threat to entire industry sectors and the stabili…