Assessing the impact of the NIS2 directive on cybersecurity practices at an aerospace manufacturer
Vetskov, Tsvetan (2025)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025060921589
Abstract
The European Union’s NIS2 Directive represents a significant advancement in the regulation of cybersecurity across critical infrastructure sectors, including aerospace manufacturing. This thesis assessed the impact of the NIS2 Directive on the cybersecurity practices of an aerospace manufacturer. The study aimed to evaluate how the directive influences the company’s cybersecurity strategies, identify compliance gaps between current practices and regulatory requirements, and provide actionable recommendations for achieving compliance and enhancing overall cybersecurity resilience.
A qualitative research methodology was employed, incorporating a comprehensive literature review, in-depth analysis of the NIS2 Directive, and case study examination of the aerospace manufacturer’s existing cybersecurity framework. Data were collected through semi-structured interviews and surveys with key personnel, including cybersecurity managers, IT directors, and compliance officers. A gap analysis was conducted to compare the company’s current practices against the directive’s mandates, and a risk assessment evaluated potential vulnerabilities associated with non-compliance.
The findings revealed that while the aerospace manufacturer has established foundational cybersecurity measures, several critical areas do not meet the stringent requirements of the NIS2 Directive. Key gaps include insufficient incident reporting protocols, inadequate risk management processes, and a lack of comprehensive employee cybersecurity training programs. The risk assessment highlighted potential operational disruptions, legal repercussions, and reputational damage stemming from these deficiencies.
Based on the analysis, the thesis presented strategic recommendations to bridge the identified gaps. These included implementing enhanced incident response and reporting procedures, adopting a robust cybersecurity risk management framework, and initiating organization-wide training initiatives to foster a culture of cybersecurity awareness. An implementation roadmap outlined the steps necessary for the company to achieve compliance, allocate resources effectively, and assign responsibilities across departments.
This research contributed to the academic discourse on cybersecurity in the aerospace industry by providing empirical insights into the practical challenges and implications of regulatory compliance with the NIS2 Directive. The outcomes offered valuable guidance for the aerospace manufacturer and similar organizations seeking to navigate the evolving cybersecurity regulatory landscape, ultimately enhancing their defense against cyber threats and ensuring operational continuity.