The European Union recently mandated that businesses put more checks in place to safeguard sensitive information. The Network and Information Security (NIS) and the Digital Operational Resilience Act (DORA) are designed to ensure that current corporate cyber security practices are effective. However, the regulations’ potential impact may be muted without third party input.
The big emphasis is around the continuous measurement of the effectiveness of cyber practises.
Businesses, large and small, increasingly rely on their digital infrastructure to get work done. Technology provides them with the ability to connect with clients, customise products, enhance the customer journey, and differentiate themselves from competitors.
All Systems Under Attack
However, it also means that their digital infrastructure is constantly under attack. In fact, cybercrime is expected to cost the world $9.5 trillion in 2024 and its impact will grow by 15% during the next two years and reach $10.5 trillion in damages in 2025, according to Cybersecurity Ventures.
The reality is that even the world’s most sophisticated cybersecurity entities fall victim to attack. As evidence, a hacker breached a payroll system used by the United Kingdom’s Ministry of Defence. The outsiders gained access to the names and banking details of both current and some past armed forces members.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataEU Strengthens Cyber Security with New Regulatory Standards
The EU understands that protection needs to improve and implemented two security standards in response. The regulations change how organisations treat their security infrastructure.
“Risk management is moving away from art to science”, Acora group CISO & CITO-partner, Darren Humphries. Corporations now need to put metrics in place and document how they meet the guidelines.
NIS’ aim is to create high level, common cyber security best practices. The specification strengthens system security requirements, addresses supply chain security, streamlines reporting, and introduces stringent supervisory measures that may result in sanctions.The work began in the fall of 2021, and the legislation took shape in May 2022. The regulations worked their way through the political system. In January 2023, businesses were given 21 months, until October 2024, to put compliant measures in place.
DORA mandates the establishment of periodic digital operational resilience testing capabilities and requires the implementation of management systems to monitor and report significant ICT-based incidents to the relevant authorities. This comprehensive approach strengthens the IT security of financial entities, like banks, insurance companies and investment firms. The goal is to have their systems remain resilient in the event of any severe disruption.
Three European Supervisory Authorities – the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA) – began creating the standard. They established mandatory incident reporting requirements for financial firms to report significant cyber incidents and breaches to relevant authorities. The standard also encourages cooperation and information sharing among financial entities and regulators to respond effectively to cyber security threats.
Humphries concluded: “Self-attestation is really not working. The MOD breach occurred in part because the government agency accepted self-service attestation from their suppliers. A better option is having a third party cyber security specialist evaluate the processes.”