Ensuring cybersecurity is – next to AI development – one of humanity’s greatest challenges nowadays. This is not a hyperbole – cybersecurity threats are real for public and private sectors, as well as individuals. With the rapid technological advancements and galloping digitisation, malicious entities and individuals are looking to take advantage of the online security gaps created by lack of caution. The European Union tried to counteract this by extensively discussing the issue, giving rise to the NIS directive. After a few years in force, its effects were assessed, and several changes were prepared to improve overall cybersecurity. However, these solutions will not work unless it becomes standard practice to employ cybersecurity specialists in a wide range of environments, extending far beyond those of the biggest organisations. This is what happened in the case of the General Data Protection Regulation (GDPR). The original provisions had been expanded to such an extent that they led to the emergence (separation) of an independent consultancy market in the field of information protection, with particular emphasis on personal data from the technical and legal consultancy markets. Hence, comparisons to the GDPR are valid. In this article, the authors review and assess the changes in cybersecurity legislation. This includes the NIS 2.0 directive category of digital service providers and their expected effects on the labour market.