3rd e-Crime & Cybersecurity Congress Austria

Time to transition to NIS2: stepping up to a new era in cybersecurity 

29th April, 2026  •  Vienna, Austria

Austria is finally going to implement NIS2 in 2026. Between 4,000 and 6,000 organisations will be affected.

 

From cybersecurity laggard to leader? 

EU Member States had until 17 October 2024 to implement NIS2 into national law. Austria still hasn't. So, the current legal framework remains the outdated NIS Act of 2018, which covers only a fraction of the entities that will be subject to the broader NIS2 requirements. There is currently an updated draft law, the Network and Information Systems Security Act 2026 (NISG 2026), but it is not clear when this will actually come into force in 2026. 
It is therefore not surprising that, according to a recent survey, Austria is a great place to be a hacker. Why? Because every 7th cyberattack in Austria is successful. That strike rate makes cyberattacks incredibly profitable for economic actors and devastatingly effective for those intent on disruption.
The same survey revealed that: 

•    55% say that Austria is not well prepared to respond to serious cyberattacks against critical infrastructure.
•    More than 1 in 4 attacks (28%) can be traced back to state-backed actors.
•    1 in 3 companies (32%) had suppliers or service providers that were victims of cyberattacks which had a significant impact on their own company.
•    62% were able to identify cyberattacks with the help of their own employees - ahead of technical solutions and systems.
•    1 in 10 social engineering attempts already uses deepfake for voice and video messages.

All this suggests that organisations still need to invest more in security. It is also clear that when the NIS2 law is finally implemented, a very large number of organisations that are currently not mandated to take cybersecurity seriously will soon have to do so.
This means, for example, that: 

•    Incident response plans must cover prolonged disconnection scenarios - not just recovery and restoration.
•    Visibility into endpoint and third-party environments must improve, especially for government agencies that may be targets of nation-state actors or politically motivated hacktivists.
•    Cyber supply chain risks must be re-evaluated, and vendors continuously assessed.
•    Critical operations should be decoupled from external systems wherever possible.
•    CISOs must improve real-time threat detection and internal threat hunting capabilities.
•    Incident response and resilience must go beyond disaster recovery and into sustained continuity planning.
 

In Austria, the government wants higher levels of digital public service delivery. Corporations have also committed to high levels of digitalisation. 
But these levels of digitalisation must be backed up by solid security. Without this, public trust in institutions and companies will be eroded, and the benefits of digitalisation will be damaged by the costs of repeated clean-ups.

 

The e-Crime & Cybersecurity Congress Austria will look at how cybersecurity professionals can stay ahead of a rapidly evolving attack environment. Join our real-life case studies and in-depth technical sessions from the most sophisticated teams in the market. 

  • Making the best use of threat intelligence

    • In a pre-emptive security model, timing is everything - success depends on detecting and neutralizing threats before they become active incidents. 
    • To do this, security operations can't just rely on internal telemetry (e.g., endpoint or network logs). 
    • They need external, real-time context about emerging threats - where do they get it? 
  • Security Posture Management

    • Traditional vulnerability scanners don't handle cloud native architectures well. 
    • Today's cloud environments spin up thousands of ephemeral assets without a traditional OS and without a long-lived IP address. 
    • So how do you adapt to that dynamic, API-driven reality? 
    • How can traditional tools connect the dots - not just generate tickets? 
  • Improving continuous attack surface discovery

    • You need to know what attackers can see and what they can actually attack - and you need it on a continuous basis, not in some static inventory. 
    • Ideally you also need assets ranked by risk priority and put into the current threat and vulnerability context. 
    • Is this feasible and is it cost effective? 
  • The power of automation

    • There's too much manual intervention in security. 
    • SOAR pulls data from SIEMs, EDRs, firewalls, cloud APIs, ticketing systems, threat intelligence feeds, and even email servers, and coordinates actions across tools via APIs, prebuilt integrations and intelligent playbooks. 
    • Well, that's the theory. How does it work in the real world? 
  • Adversary simulation and behavioural analysis

    • Automated adversary simulation identifies telemetry blind spots. 
    • They provide prioritized remediation guidance and control effectiveness metrics. 
    • They track progress trends and validate security ROIs as well as providing board and audit reporting. 
    • How well do they work in practice? 
  • Dealing with regulations

    • CISOs now must build a single coherent security program that simultaneously satisfies divergent regulatory demands; they must interpret vague legal standards into technical architectures, and they risk non-compliance if auditors, regulators, or courts interpret differently later; they face unrealistic expectations around incident reporting; and they face personal liability. 
    • Can RegTech help? 
  • Achieving visibility across ecosystems

    • From exposed initial access points such as warehouse management systems to complex machine control software, simply understanding your device and application landscape, its connection and data flows and dependencies is a huge challenge.
    • Can you help with asset tracking and endpoint visibility? And what about anomaly detection after that? 
  • Transitioning OT to the Cloud?

    • OT traditionally was localized in particular sites and air-gapped from IT systems. 
    • But connectivity with broader corporate networks and the need to manage technology more centrally (especially during COVID) have seen companies looking at managed services in the Cloud for OT. 
    • Is this a way forward? 
  • Defending against the latest ransomware variants

    • Ransomware is effective precisely because it can exploit whatever weaknesses exist in your security architecture and processes. 
    • The threat and the actors are constantly evolving and that evolution is forcing the hands of government and causing havoc in the insurance market. 
    • What can CISOs do to better defend against ransomware? 
  • OT and the regulations

    • DORA, NIS2 and other regulations put more responsibility for resilience on firms deemed important or critical. 
    • Many have focused on IT networks but the regulations include all resilience and so OT environments matter. 
    • What does this new emphasis from regulators mean practically for OT security? 
  • Why zero trust, isolation and segmentation are key

    • There has been a shift in recent attacks away from the theft of data - now threat actors are concerned with interrupting all operational activity. 
    • It is now critical that business functions are separated, and that internet access to OT networks is limited. 
    • Can security teams keep up with sophisticated foes? 
  • Pen testing for OT/SCADA

    • Testing is key to identifying and fixing vulnerabilities before they're exploited. 
    • Regulations like NERC CIP require utilities to assess and mitigate risk. 
    • Testing checks that OT security controls are functioning properly and shows regulators an organization's commitment to security. 
    • Can you help? 

Venue

Renaissance Vienna Schönbrunn Hotel

Location: 

Linke Wienzeile/Ullmannstraße 71, 
1150 Vienna,  
Austria

Telephone: +43 1-891020
