EXPERT SPEAK

anomalous network behaviour, documenting and reporting incidents, and taking a Zero Trust approach to third party suppliers. Rather than change the game, these new legal instruments are designed to elevate the game and give these best practices an established structural framework.
All sectors will be impacted, but the financial sector will have more to do because it will be impacted by both NIS2 and the finance-focused DORA. Cyberattacks on European financial services companies increased by 119% between 2022 and 2023, and 82% of finance leaders now regard cybersecurity as the most significant threat to their business.
Most businesses should be doing much of the heavy lifting outlined in DORA and NIS2 already, so the impact on businesses, ideally, will be minimal.
Compliance is not really the goal here. Instilling a culture of risk management is. Both regulations emphasise the importance of risk management as a cultural and policy-driven goal rather than just compliance for its own sake.
The legislation is a positive step, because too many businesses still treat their own security initiatives as an afterthought or box-checking exercise. The legislation creates an impetus for better data governance and the formation of better organisational habits.
Supply chain
Most CISOs welcome DORA and NIS2. They know that security is no longer optional, and some might even think the legislation does not go far enough. It strengthens their role and makes security a team endeavour, rather than something they must justify.
One of the critical aspects of these regulations is their focus on supply chain security and the control of third-party IT service providers. Supply chain security is a big part of NIS2, and DORA puts a lot of emphasis on controlling third-party service providers. This requires businesses to evaluate not just their internal processes but also the security measures of the vendors and partners they work with.
As a result, the impact of this aspect of the regulations will be far-reaching, with many organisations reassessing their supply chains and forging new, carefully vetted partnerships.
Board involvement
One of the standout elements of both NIS2 and DORA is the direct responsibility placed on management boards. For too long, cybersecurity has been viewed as the domain of IT departments, but these new regulations require a hands-on approach from leadership.
INTELLIGENT TECH CHANNELS 55