Cybersecurity rules have been patchy at best and lacking at worst. So the adoption of the NIS Directive on security of network and information systems is a landmark development. Nomi Byström asks whether it is enough for our increasingly connected society.