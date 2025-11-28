Leipzig, Saxony , Nov. 28, 2025 (GLOBE NEWSWIRE) -- Since the entry into force of the German NIS-2 Implementation and Cybersecurity Strengthening Act, approximately 30,000 companies in Germany are subject to stricter security requirements. The new regulations demand, among other things, demonstrable business continuity structures, functional disaster recovery processes, and clear responsibilities. A current study by DATA REVERSE Data Recovery now shows that a large portion of companies fail to meet these requirements.





The study is based on surveys of 245 IT decision-makers, managing directors, and technical specialists at the IT security trade fair IT-SA in October 2025. The results paint a clear picture: Many organizations lack both a realistic self-assessment and basic technical and organizational measures.

1. Affected Status: More Than Half Have Never Checked Whether NIS-2 Applies

Although the law has been binding since 2024, 53 percent of respondents state they have not checked whether they are affected. Only 22 percent know for certain that they fall under the regulation. Another 25 percent suspect relevance but are uncertain.

This means a significant portion of companies is ignoring a legally required prerequisite and risking fines as well as liability issues related to documentation.

2. Self-Assessment: 71 Percent Consider Themselves Prepared — Despite Obvious Gaps

Of the companies that classify themselves as clearly or probably affected, 71 percent state they are prepared for NIS-2. However, the study shows that this self-assessment often deviates significantly from reality.

Essential mandatory components such as documented recovery processes, defined reporting channels, or regular recovery tests are not implemented in many cases.

3. Disaster Recovery Tests: Only One Third Tests Regularly — Every Second Company Tests Rarely or Never

A central finding concerns the recoverability of systems and data:

33 percent of companies test their recovery processes at least quarterly.

45 percent test only every one to two years or not at all.

22 percent do not know whether recovery tests take place.

Article 21 of NIS-2, however, explicitly requires demonstrable and tested business continuity and recovery processes. Without regular testing, this proof is considered not provided.

4. Emergency Planning: Only About 30 Percent Have a Complete Concept

Only 30.6 percent of respondents state they have a functional, complete IT emergency plan. Another 34.7 percent are still developing a corresponding concept.

Over 30 percent have no IT emergency plan or do not know whether one exists — a critical deficit in the context of legal requirements for organization, reporting processes, and coordination in emergencies.

5. External Data Recovery: 96 Percent Have No Emergency Partner on File

Only 4 percent of the surveyed NIS-2-relevant companies have a defined data recovery contact for worst-case scenarios.

This means 96 percent of cases are missing an essential element: an external partner who can step in when internal backups fail — whether due to ransomware, hardware defects, or misconfigured backup systems. Yet many organizations underestimate how critical professional data recovery can be in an emergency, often basing their assumptions on widespread data recovery myths rather than tested procedures.

Voices from the Company

Jan Bindig, Managing Director of DATA REVERSE, comments:

"The fact that 71 percent consider themselves NIS-2-ready while two-thirds do not regularly test their recovery processes shows a dangerous discrepancy. NIS-2 requires demonstrable business continuity — without tests, there is no proof."

He further explains:

"The biggest gap concerns external data recovery. 96 percent of companies have not integrated an emergency partner. In reality, backups frequently fail. NIS-2 requires functional emergency concepts for precisely these cases."

Recommendations for Companies

DATA REVERSE recommends four immediate measures for affected organizations:

Clearly determine affected status — based on company size, revenue, and sector. Test recoverability — complete restores and documentation of RTO/RPO. Create or update an IT emergency plan — including clear escalation levels. Integrate external data recovery — for a robust backup scenario in the worst case.

DATA REVERSE® has been a leading provider of professional data recovery services for over 20 years, setting industry standards with guaranteed quality and a success rate of over 95%. With TÜV-certified customer service, the company ensures the highest levels of transparency, confidentiality, and personalized support – even in critical emergencies with 24/7 availability. What sets DATA REVERSE® apart is its expertise in reverse engineering and its dedicated research and development (R&D) team, enabling innovative solutions for even the most complex data loss scenarios. Equipped with state-of-the-art technology and a highly experienced team, the company successfully recovers data from rare or severely damaged storage media. In addition, DATA REVERSE® benefits from a vast network of over 200 partners, fostering mutual support across all areas of IT. This enables the company to deliver not only top-tier data recovery but also support clients with IT emergency planning and infrastructure security. The company’s profile is further enhanced by strong social commitment, such as its collaboration with Labdoo, where used laptops are securely refurbished and donated to underprivileged children worldwide. This unique combination of technical excellence, innovation, and social responsibility makes DATA REVERSE® a trusted partner for businesses and individuals alike.

