The regulators mean business
7th May, 2024 • Renaissance Wien Hotel, Vienna, Austria
NIS2 expands personal liability. DORA demands real resilience. The SEC wants investors informed. How to respond?
Cybersecurity is at a crossroads. It is now absolutely clear that security is no longer simply a question reducing business risk, it is also about national economic security, and indeed, national security more fundamentally.
This realisation from government and business that cybercrime is more than just another market risk will, finally, force organisations across the spectrum to invest appropriately in security. More mandatory regulations and standards will have the same effect.
In Europe NIS2 and DORA imposes significant new burdens on organisations. And in the US, the Securities and Exchange Commission has adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures.
“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler.
That statement explicitly links cybersecurity to enterprise value and makes it a matter of legitimate concern to investors. This is another story that links security to governance but also starts to assign real value to good security. Let’s see if Europe follows suit.
Come to the e-Crime & Cybersecurity Congress Austria to find out:
- How your fellow cybersecurity professionals are coping with these challenges day-to-day?
- How you can use resilience regulations to build truly risk-based approaches to defend the assets and processes that really matter.
- What practical steps you can take to get better supplier visibility and understanding?
- How to economically enhance the security built into Cloud infrastructure and applications with selected additional technologies.
- How new and not-so-new EU Directives are driving the Board view of cybersecurity risk and investment.