Your Network Has a Story — Let Pure Networks Show You the Truth
As DORA binds EU financial entities since January 2025 and Ireland faces EU Commission pressure over its missed NIS2 transposition, opaque attack paths in hybrid networks have become multimillion-euro liabilities that static audits can no longer conceal.
Key takeaways
- •NIS2's risk-management and incident-reporting mandates, delayed in Ireland until at least mid-2025 legislative scrutiny, now demand continuous evidence of resilience across essential sectors while 71% of security teams report visibility gaps in multi-cloud environments.
- •DORA requires financial institutions to prove ICT operational resilience against real disruptions, exposing the gap between theoretical CVE lists and exploitable paths that ransomware and supply-chain attacks have repeatedly weaponised in 2025 EU incidents.
- •The non-obvious tension lies in regulators insisting on attacker-validated proof while resource-constrained teams grapple with the cost of shifting from annual pentests to dynamic validation amid rising state-aligned espionage targeting telecom and logistics networks.
Network Opacity Meets Regulation
European organisations in early 2026 operate networks whose true topology — devices, connections, privileges and latent weaknesses — remains partially invisible amid hybrid cloud, remote access and operational technology sprawl. The AlgoSec 2025 State of Network Security Report found 71% of teams citing visibility shortfalls that delay threat detection and policy enforcement, a problem sharpened by the explosion of connected assets since the pandemic-era acceleration of digital transformation.
NIS2, which broadens coverage to include manufacturing, energy, transport and digital infrastructure providers, entered its application phase after most member states transposed it; Ireland, having missed the 17 October 2024 deadline because of a general election, remains under reasoned-opinion pressure from the European Commission. Entities must register, conduct risk assessments and demonstrate proportionate security measures, with fines reaching €10 million or 2% of global annual turnover for serious breaches. Parallel to this, DORA became fully binding on 17 January 2025 for banks, insurers, investment firms and crypto providers, mandating rigorous testing of ICT resilience and the submission of third-party risk registers by April 2025.
ENISA’s Threat Landscape 2025, analysing nearly 4,900 incidents from mid-2024 to mid-2025, shows phishing as the dominant initial access vector and supply-chain compromises rising sharply, often succeeding precisely because defenders lack an end-to-end map of exploitable routes. State-aligned actors have intensified stealthy campaigns against EU telecommunications and logistics, while hacktivist DDoS waves have repeatedly hit digital service providers. Irish critical entities, guided by the NCSC’s emerging CyFun framework, face the same imperative: move beyond policy documents and point-in-time scans to ongoing validation that mirrors how adversaries actually move.
The concrete stakes extend beyond fines. A single undetected lateral-movement path can cascade into operational shutdowns costing millions daily in sectors such as energy or transport, while DORA non-compliance risks supervisory intervention that can restrict services. Boards increasingly demand auditable evidence rather than assurances, yet the skills and tooling required for continuous assessment remain scarce at the very moment regulatory deadlines converge.
Sources
- https://www.ncsc.gov.ie/nis2/
- https://ecs-org.eu/activities/nis2-directive-transposition-tracker/
- https://www.morganlewis.com/blogs/sourcingatmorganlewis/2025/01/preparing-for-dora-compliance-deadline-arrives
- https://www.algosec.com/press-release/algosec-2025-state-of-network-security-report
- https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025
- https://purenetworks.ie/pure-networks-horizon3-ai-automatic-penetration-testing-irish-organisations/
- https://horizon3.ai/compliance/nis-2-compliance/
- https://www.pwc.ie/media-centre/press-releases/2025/digital-trust-insights-survey-2026.html
You might also like
- Mar 3Digital4Security Taster Workshops - Workshop 4: Operational Resilience: Surviving the Accident and the Hack
- Mar 3CyberSecure Online Summit
- Mar 5Not Ready for a Pen Test? Attackers Don't Care
- Mar 6Digital4Security Taster Workshops - Workshop 6: Critical Infrastructure Cybersecurity and Resilience: A Socio-technical Perspective
- Mar 17Stop attacks before they spread with Okta’s Identity Threat Protection