Ann Keefe, Regional Director for the UK and Ireland at Kingston Technology, highlights the critical role hardware-encrypted external drives play in addressing vulnerabilities tied to storing sensitive data on local devices like laptops or desktops. These drives provide robust physical security and cybersecurity, ensuring data remains protected.

The borderless nature of cybercrime has made policing and prevention hugely challenging. Whether it’s attacks on information systems and networks, online fraud and forgery, or illegal content, bad actors make the most of a global digital landscape with few perimeters.
As a result, cybercrime shows no signs of slowing down. The World Economic Forum’s Global Risks Report last year found that ‘widespread cybercrime and cyber insecurity’ registered for the first time in the top rankings of severe risks, coming in at eighth place in both the short and the long term. In the UK alone, half of businesses report having experienced some form of cybersecurity breach or attack in the last 12 months, according to a recent Home Office survey.
Improving regulation
The European Union is doing something about this escalating risk scenario by introducing the NIS2 Directive. The overall aim is to create a common level of cybersecurity that will address the security of network and information systems, streamline reporting and introduce more stringent reporting, among other goals. After October 17 it was enshrined in law across all EU member states and UK organisations trading in the EU need to comply.
Nurturing a more harmonised approach to cybersecurity will address some of the problems that have existed until now. Previously, national implementations of cybersecurity measures varied significantly, leading to gaps in protection and inconsistent regulatory requirements. By introducing more uniform standards, NIS2 should help to create a level playing field for businesses operating across different EU countries. This is particularly beneficial for companies involved in cross-border operations, as it reduces the complexity of complying with multiple regulatory frameworks.
The directive introduces stricter security requirements and obligates companies to implement measures such as risk analysis, incident handling and system monitoring. It also mandates that businesses notify relevant authorities of significant security incidents, ensuring timely responses to cyberthreats. In addition to the technical and organisational measures, companies must regularly assess and manage the cybersecurity risks within their supply chains, addressing potential vulnerabilities introduced by third-party vendors, suppliers and service providers.
NIS2 also introduces greater accountability for senior management. Company executives can face sanctions for non-compliance, incentivising businesses to prioritise cybersecurity at the highest levels of decision-making. In addition, the directive expands the list of sectors that must comply with its rules, ensuring that even more organisations adopt robust cybersecurity practices.
Taking a layered protection approach
For businesses, NIS2 presents both a challenge and an opportunity. While the increased regulatory demands have required – and will continue to require – time and money on preventative action and solutions, the directive will ultimately help companies strengthen their defences against cyberattacks.
Many CISOs will now have plans underway to ensure compliance, particularly when it comes to data integrity. The strict reporting requirements of the new regulations require that companies put in place measures such as encryption to maintain that level of integrity and create a barrier against breaches. Encryption, which ensures that data cannot be altered without detection, provides a strong basis for protecting data while it is in transit, however, the most important step that can be taken by CISOs if they want to ensure an extra layer of security is by using hardware encrypted external drives.
Hardware-encrypted external drives play a key role in mitigating vulnerabilities associated with storing sensitive data locally, such as on laptops or desktops. These drives integrate built-in encryption mechanisms that automatically secure all data stored on them.
Here’s how they contribute to NIS2 compliance:
Enhanced data security
Hardware-encrypted external drives leverage dedicated chips that automatically encrypt data stored on the drive. This ensures that even if the drive is lost or stolen, the data remains inaccessible without proper authorisation. During data transfers, businesses can ensure that sensitive information is protected both in transit and at rest.
Physical and cyberprotection
These drives offer both physical and cyberprotection. Many models have tamper-resistant designs or tamper-evident enclosures, which can either signal or destroy data if unauthorised access is attempted. This is critical in countering risks like theft or physical tampering. Additionally, since the encryption process is hardware-based, the drives are resistant to software vulnerabilities like keylogging, brute-force attacks, or malware – offering robust defence against cyberthreats.
Demonstrating compliance
One of the challenges in meeting NIS2 is the ability to demonstrate compliance. Hardware-encrypted drives provide a clear, auditable trail of data protection practices, making it easier for companies to show they are meeting the necessary security requirements.
User-friendly security
Despite being so secure, these drives are usable, featuring simple security access methods like PIN and passphrase entry. This reduces reliance on complex password systems or software encryption tools, which can be prone to user error or mismanagement.
Scalability for enterprises
For businesses handling large volumes of sensitive data, scalability is a key factor. Hardware-encrypted external drives are easy to deploy across large teams or entire enterprises, making them suitable for companies that need to secure data at a large scale while maintaining uniform security protocols – essential for complying with the broad scope of NIS2.
Meeting the data protection elements of NIS2
There are many changes that CISOs will still be making to ensure their organisations comply with NIS2, and these measures will also serve to better protect the company from the increasing risks of cyberattacks. Consideration needs to be given not just to data at rest, but also to safeguarding data in transit. This is where hardware-encrypted external drives are needed, particularly in portable formats. These drives not only protect against physical and cyberthreats but also provide a verifiable method for demonstrating compliance with the strict security requirements of the NIS2 regulations. Together, they form a comprehensive strategy for protecting sensitive data and ensuring that businesses are meeting their regulatory obligations, which is critical in today’s heightened regulatory environment.