With NIS2 the cybersecurity landscape will change, this applies not only for conventional networks but for OT technologies too. More subjects are now involved, more obligations are requested from the regulator. Practical observations from field audits tell us that some sectors are more prepared than other ones. Why is that so?