{"id":30486,"date":"2026-07-15T14:10:33","date_gmt":"2026-07-15T13:10:33","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=30486"},"modified":"2026-07-15T14:10:39","modified_gmt":"2026-07-15T13:10:39","slug":"industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/","title":{"rendered":"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance"},"content":{"rendered":"\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-30470 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig1-437x127.png\" alt=\"\" width=\"578\" height=\"168\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig1-437x127.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig1-71x21.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig1-768x223.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig1.png 976w\" sizes=\"auto, (max-width: 578px) 100vw, 578px\" \/><\/p>\n<p><strong>This figure reveals a profound shift: backups, often considered the last resort, have now become prime targets for attackers. When faced with a major cyberattack, traditional continuity plans are no longer sufficient.<\/strong> Indeed, they fall short in industrial environments, particularly given the nature of the stakes involved: physical safety, environmental impact, continuous production, and more.<\/p>\n<p>This is why the <strong>most advanced organizations are now building dedicated OT cyber-resilience programs<\/strong>, designed to manage crises in the face of major disruptions or incidents. That aim to ensure the continuity of essential operations and restore compromised assets.<\/p>\n<p>The NIS2 Directive \u2014 and particularly ANSSI&#8217;s RECYF framework \u2014 supports this effort by introducing clear cyber-resilience obligations for essential and important entities.<\/p>\n<p>Where to start, what obstacles to anticipate, and how to build OT resilience that meets NIS2 requirements?<\/p>\n<h1><strong>NIS 2 and Industrial Resilience: Requirements and Current State<\/strong><\/h1>\n<h2><strong>What NIS 2 Concretely Requires<\/strong><\/h2>\n<p><span style=\"color: #451dc7;\"><em>The growing integration of IT into industrial processes \u2014 MES, ERP systems connected to production <\/em><em>lines; the gradual shift away from paper-based processes \u2014 has profoundly changed the operational reality of manufacturing plants. Dependencies are numerous, often poorly mapped, and an IT failure can bring OT to a halt even when the physical equipment remains fully functional. In this regard, strengthening the cyber resilience of industrial environments has become a priority .<\/em><\/span><\/p>\n<p>The NIS 2 directive significantly broadens the scope of entities subject to cybersecurity obligations. Two objectives are crucial in terms of resilience:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-30466 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig2-393x191.png\" alt=\"\" width=\"882\" height=\"429\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig2-393x191.png 393w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig2-71x35.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig2-768x374.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig2-1536x747.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig2.png 1891w\" sizes=\"auto, (max-width: 882px) 100vw, 882px\" \/><\/p>\n<h2><strong>Industrial State of Play<\/strong><\/h2>\n<p>While industrial organizations have gradually invested in securing their OT environments, maturity around continuity and recovery remains insufficient to meet NIS 2 requirements. Several gaps are observed systematically:<\/p>\n<ul>\n<li>\u00a0<strong>Gaps in the knowledge of assets<\/strong> and their criticality\n<ul>\n<li>Asset mapping that is often not formalised or incomplete<\/li>\n<li>BIAs are absent or only partially completed<\/li>\n<\/ul>\n<\/li>\n<li><strong>Existing business BCPs are designed for physical or traditional IT scenarios, but not for OT cyber challenges<\/strong><\/li>\n<li><strong>Continuity and recovery capabilities are not tested<\/strong>: organisations limit themselves to unit tests or isolated VM restorations, never covering a complete production line or end-to-end scenario. Several factors explain this situation:<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-30462 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig3-296x191.png\" alt=\"\" width=\"885\" height=\"571\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig3-296x191.png 296w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig3-61x39.png 61w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig3-768x495.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig3.png 1366w\" sizes=\"auto, (max-width: 885px) 100vw, 885px\" \/><\/p>\n<p>Without the necessary maturity on these topics, a cyber incident can result in weeks of downtime<\/p>\n<h1><strong>Building OT Resilience for NIS 2: A Practical Roadmap<\/strong><\/h1>\n<h2><strong><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-30458 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig4-322x191.png\" alt=\"\" width=\"1000\" height=\"593\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig4-322x191.png 322w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig4-66x39.png 66w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig4-120x70.png 120w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig4-768x455.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig4.png 1183w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/strong><strong style=\"font-size: revert; color: initial;\">Foundations and Prerequisites<\/strong><strong style=\"font-size: revert; color: initial;\">\u00a0 \u00a0 \u00a0<\/strong><\/h2>\n<p>Before building a recovery, plan or testing anything, the groundwork must be laid. <strong>Including knowing what to protect, how to hold up during an incident, and what to back up.<\/strong><\/p>\n<h2><strong>Which stakeholders to involve from the start?<\/strong><\/h2>\n<p>A cyber-resilience program driven solely by Cyber or IT teams risks failing to reflect operational realities and address the true business stakes: without the involvement and buy-in of operators, the initiative will struggle to move forward. This requires an evangelization phase, concretely explaining what an incident costs their operations, and identifying the right stakeholders in each department from the outset.<\/p>\n<h2><strong>Which business perimeters to prioritise?<\/strong><\/h2>\n<p>The goal of cyber-resilience is not to produce an exhaustive inventory of the industrial asset base. <strong>It is to identify the assets that underpin critical business processes<\/strong>. The starting point is to establish a BCP at the global level, followed by a BIA at the site level, which will define the RTO and RPO for each critical process.<\/p>\n<p>Asset collection relies on a hybrid approach:<\/p>\n<ul>\n<li><strong>Operational interviews<\/strong> with field teams<\/li>\n<li><strong>Analysis of architecture documents and configurations<\/strong> to identify additional dependencies<\/li>\n<\/ul>\n<p><span style=\"color: #451dc7;\"><em>Network probes may seem like an obvious choice, but they only detect assets that are actively generating traffic. Any equipment that is not communicating at a given moment will simply disappear from the mapping. In OT environments, a significant number of devices are configured once and then operate autonomously, which severely limits their network visibility. Furthermore, some systems are entirely standalone and emit no traffic at all \u2014 even though they may be critical to operations. Relying solely on probes therefore provides a partial and potentially misleading view of the environment, with a real risk of overlooking essential assets.<\/em><\/span><\/p>\n<h2><strong>What data to backup and how?<\/strong><\/h2>\n<p><strong>Asset mapping makes it possible to catalogue and prioritise the systems that need to be protected based on their criticality, as validated with business teams<\/strong>. For each asset, the minimum backup content and backup frequency are then defined:<img loading=\"lazy\" decoding=\"async\" class=\" wp-image-30454 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig5-437x184.png\" alt=\"\" width=\"857\" height=\"361\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig5-437x184.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig5-71x30.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig5-768x324.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig5.png 1409w\" sizes=\"auto, (max-width: 857px) 100vw, 857px\" \/><span style=\"color: initial; font-size: revert;\">Several <strong>principles then structure the backup security strategy:<\/strong><\/span><\/p>\n<ul>\n<li>Redundancy, encryption, and immutability of backups<\/li>\n<li>Air-gapping for the most sensitive environments<\/li>\n<li>Differentiated retention policies by asset type<\/li>\n<li>Contractual clauses governing backup obligations for third parties<\/li>\n<\/ul>\n<p><em>Backup infrastructure<\/em><em> is not merely technical storage systems: they are themselves sensitive targets and must be treated as critical systems, with the appropriate level of protection.<\/em><\/p>\n<h2><strong>How to ensure continuity during an incident?<\/strong><\/h2>\n<p>The <strong>first step of the BCP is to identify the crisis scenarios that need to be addressed<\/strong>, as these determine which stakeholders to involve, which procedures to define, and which operating modes to adopt. This work is carried out jointly with the HSE, business, cybersecurity, and risk management teams.<\/p>\n<p>For each critical process identified, the following must then be defined in collaboration with the production, maintenance, and quality teams:<\/p>\n<h1><strong>Validation and Recovery<\/strong><\/h1>\n<h2><strong>How to validate that recovery works?<\/strong><\/h2>\n<p>An untested DRP is a theorical DRP.<\/p>\n<p><strong>Tests can be conducted in the following ways to limit the impact on production:<\/strong><\/p>\n<ul>\n<li>On a dedicated global test infrastructure, shared across sites,<\/li>\n<li>On a test line,<\/li>\n<li>During maintenance windows,<\/li>\n<li>Using digital twins.<\/li>\n<\/ul>\n<p>These tests should be validated at least once a year.<\/p>\n<p>Progression is gradual:<img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-30446 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig7-437x179.png\" alt=\"\" width=\"896\" height=\"367\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig7-437x179.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig7-71x29.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig7-768x314.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig7-1536x628.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig7.png 1715w\" sizes=\"auto, (max-width: 896px) 100vw, 896px\" \/><\/p>\n<p><strong>Each test is documented<\/strong>: actual RTO and RPO measured, comparison against theoretical targets, gaps identified, and corrective actions planned.<\/p>\n<p><span style=\"color: #451dc7;\"><em>RTO\/RPO objectives may not be realistic in the context of a major cyber crisis. They should therefore not act as a blocking factor for conducting tests or for validating cyber-resilience principles under NIS2.<\/em><\/span><\/p>\n<h2><strong>How to rebuild after an incident?<\/strong><\/h2>\n<p><strong>The DRP defines how to restart critical systems following a disaster<\/strong>. It covers several scenarios: hardware failure, ransomware, and OT network loss.<\/p>\n<p>For each scenario, it is necessary to:<\/p>\n<ul>\n<li>Define the restart sequencing based on dependencies between systems<\/li>\n<li>Document the escalation and decision-making chain<\/li>\n<li>Clearly define third-party involvement: intervention conditions, coordination modalities, and prerequisite security requirements (ransomware eradication, controlled environment such as a &#8220;clean room&#8221;, gradual recovery with network segmentation)<\/li>\n<\/ul>\n<p><span style=\"color: #451dc7;\"><em>Two recovery logics must be distinguished: loss of availability (switching to backup resources) and loss of integrity (complete reconstruction from backups). The procedures are not the same and must be addressed separately.<\/em><\/span><\/p>\n<h1><strong>From Asset Resilience to Crisis Management<\/strong><\/h1>\n<p><strong>What we have described here constitutes the minimum foundation for initiating a recovery approach in an OT environment<\/strong>. But NIS 2 requires going further as the entire information system is concerned, and the question is no longer purely technical; it calls for a structured program, managed over time, capable of demonstrating compliance and asset resilience.<\/p>\n<p><strong>This means deploying this approach pragmatically<\/strong>, taking into account cyber risks, regulatory constraints, and available resources. It also means not approaching OT resilience as a one-off project: cyber-resilience must be embedded by design, with tracked workstreams, documented evidence, and business teams engaged over the long term.<\/p>\n<p>Finally, the market today offers solutions dedicated to OT resilience. Actively monitoring this space can prove valuable in identifying the right tools.<\/p>\n<p>Moreover, <strong>resilience does not stop at technical recovery, it also encompasses crisis management<\/strong>: <a href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/02\/enabling-a-paradigm-shift-in-cyber-crisis-management-preparedness\/\">Enabling a paradigm shift in cyber crisis management preparedness &#8211; RiskInsight<\/a><\/p>\n<h1><strong>Glossary<\/strong><\/h1>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-30442 alignnone\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig8-437x120.png\" alt=\"\" width=\"1029\" height=\"283\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig8-437x120.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig8-71x20.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig8-768x211.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_EN_fig8.png 1530w\" sizes=\"auto, (max-width: 1029px) 100vw, 1029px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This figure reveals a profound shift: backups, often considered the last resort, have now become prime targets for attackers. When faced with a major cyberattack, traditional continuity plans are no longer sufficient. Indeed, they fall short in industrial environments, particularly&#8230;<\/p>\n","protected":false},"author":1598,"featured_media":30484,"comment_status":"open","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2777,3922,3977,3275,3274,2790],"tags":[2772,5137],"coauthors":[4634,5135],"class_list":["post-30486","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-deep-dive-en","category-focus","category-iot-consumer-goods-en","category-manufacturing-industry-4-0-en","category-sections","tag-cybersecurity","tag-nis-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"This figure reveals a profound shift: backups, often considered the last resort, have now become prime targets for attackers. When faced with a major cyberattack, traditional continuity plans are no longer sufficient. Indeed, they fall short in industrial environments, particularly...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-15T13:10:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-15T13:10:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner-59x39.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"59\" \/>\n\t<meta property=\"og:image:height\" content=\"39\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Wassim ALIDRA, Vincent LARDET\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Wassim ALIDRA, Vincent LARDET\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/\"},\"author\":{\"name\":\"Victor Hu\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/2bfe137efb50a59875b8d9ec8b755c9a\"},\"headline\":\"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance\",\"datePublished\":\"2026-07-15T13:10:33+00:00\",\"dateModified\":\"2026-07-15T13:10:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/\"},\"wordCount\":1211,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner.jpg\",\"keywords\":[\"cybersecurity\",\"nis 2\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Deep-dive\",\"Focus\",\"IoT &amp; Consumer goods\",\"Manufacturing &amp; Industry 4.0\",\"Sections\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/\",\"name\":\"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner.jpg\",\"datePublished\":\"2026-07-15T13:10:33+00:00\",\"dateModified\":\"2026-07-15T13:10:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner.jpg\",\"width\":8478,\"height\":5652},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/2bfe137efb50a59875b8d9ec8b755c9a\",\"name\":\"Victor Hu\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/victor-hu\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/","og_locale":"en_US","og_type":"article","og_title":"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance - RiskInsight","og_description":"This figure reveals a profound shift: backups, often considered the last resort, have now become prime targets for attackers. When faced with a major cyberattack, traditional continuity plans are no longer sufficient. Indeed, they fall short in industrial environments, particularly...","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/","og_site_name":"RiskInsight","article_published_time":"2026-07-15T13:10:33+00:00","article_modified_time":"2026-07-15T13:10:39+00:00","og_image":[{"width":59,"height":39,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner-59x39.jpg","type":"image\/jpeg"}],"author":"Wassim ALIDRA, Vincent LARDET","twitter_misc":{"Written by":"Wassim ALIDRA, Vincent LARDET","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/"},"author":{"name":"Victor Hu","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/2bfe137efb50a59875b8d9ec8b755c9a"},"headline":"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance","datePublished":"2026-07-15T13:10:33+00:00","dateModified":"2026-07-15T13:10:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/"},"wordCount":1211,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner.jpg","keywords":["cybersecurity","nis 2"],"articleSection":["Cybersecurity &amp; Digital Trust","Deep-dive","Focus","IoT &amp; Consumer goods","Manufacturing &amp; Industry 4.0","Sections"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/","name":"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner.jpg","datePublished":"2026-07-15T13:10:33+00:00","dateModified":"2026-07-15T13:10:39+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2026\/07\/NIS2_banner.jpg","width":8478,"height":5652},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2026\/07\/industrial-cyber-resilience-how-to-get-started-with-nis-2-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Industrial Cyber-Resilience: How to Get Started with NIS 2 Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/2bfe137efb50a59875b8d9ec8b755c9a","name":"Victor Hu","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/victor-hu\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/30486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1598"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=30486"}],"version-history":[{"count":6,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/30486\/revisions"}],"predecessor-version":[{"id":30507,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/30486\/revisions\/30507"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/30484"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=30486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=30486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=30486"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=30486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}