EXPERT SPEAK
The success of any cybersecurity strategy hinges on a company’s ability to bring together different teams to manage risks coherently. This means not only ensuring that board members are engaged but also that the legal, technical, and compliance teams are communicating effortlessly and have access to the same threat intelligence.
Risk should always be signed off as a team effort, with clear accountability at every level of the organisation. It may be tempting to assign security responsibilities to a small team and forget about it, but without transparency and co-ordination, a small incident can quickly turn into a major data breach.
The role of the CISO is likely to become more centralised and far-reaching for that reason, and it will become a more important role, even in smaller enterprises.
Governance is one of the trickiest aspects of implementing the new regulations, but it is also one of the most important. The new wave of regulations introduces legal, compliance, and technical components that require various parts of an organisation to get together and exchange information effectively.
This demonstrates the importance of having a robust and well-coordinated governance structure .
Key takeaways
• NIS2 brings stronger enforcement and greater penalties for non-compliance, and shifts accountability to those at the top.
• DORA will come into force for every organisation it applies to at the same time, regardless of which EU country they operate in.
• Rather than change the game, these new legal instruments are designed to elevate the game and give best practices a structural framework.
• Most businesses should be doing much of the heavy lifting outlined in DORA and NIS2 already, so the impact on businesses will be minimal.
• Compliance is not really the goal here; instilling a culture of risk management is.
• Both regulations emphasise the importance of risk management as a cultural and policy-driven goal rather than compliance for its own sake.
• The legislation is a positive step, because too many businesses still treat their security initiatives as an afterthought or a box-checking exercise.
• The legislation creates an impetus for better data governance and the formation of better organisational habits.
• The legislation strengthens the role of CISOs and makes security a team endeavour, rather than something to justify.
• Supply chain security is a big part of NIS2, and DORA puts a lot of emphasis on controlling third-party service providers.
• One of the standout elements of both NIS2 and DORA is the direct responsibility placed on management boards.
• For too long, cybersecurity has been viewed as the domain of IT, and the new regulations require a hands-on approach from leadership.
• Governance needs to be a team effort, with legal, compliance, and technical teams working together to ensure a coherent approach to risk management.
• Governance is one of the trickiest aspects of implementing the new regulations, but it is also one of the most important.
• The success of any cybersecurity strategy hinges on a company’s ability to bring together different teams to manage risks coherently.
• Risk should always be signed off as a team effort, with clear accountability at every level of the organisation.
INTELLIGENT TECH CHANNELS 57