Intelligent CISO Issue 73 | Page 33

PREDICTIVE intelligence

The impact of evolving regulation and compliance on API Security

Karl Mattson, Field CISO at Noname Security, explains the benefits of proactively seeking compliance with upcoming regulations, and how they can be viewed as a business enabler.

Regulations are constantly evolving, becoming more punitive with larger fines and penalties every year. As a result, there is a collective industry movement towards the continuous improvement of cybersecurity in businesses and their ecosystems. This includes understanding what policies and processes must be implemented to remain compliant.

However, this is not simply a tick-box exercise; it's about ensuring that organisations have effective safeguards in place to protect their business, their ecosystem of partners and their customers.

There's a wealth of new EU legislation in the pipeline designed to tackle cybersecurity risk in critical sectors. The Digital Operational Resilience Act (DORA) focuses on cybersecurity in the finance sector and the Cyber Resilience Act (CRA) concentrates on reducing risk within hardware and software products. The Network and Information Security 2 Directive (NIS2) seeks to raise cybersecurity standards and incident response capabilities in a wide range of critical industries such as energy, communications, water, banking, health and transport.

Both the DORA regulation and the NIS2 Directive prescribe that businesses must demonstrably protect everything that is valuable to the organisation, such as finances, systems and intellectual property. DORA complements the NIS2 Directive as well as the General Data Protection Regulation (GDPR).

Regulation as a competitive advantage
As every CISO knows, cybersecurity is a multi-aspect, multidisciplinary activity and no organisation will ever succeed in entirely preventing attacks and breaches. What businesses can do – and what the regulations require – is implement programmes to manage and minimise risk and demonstrate that they are effective.

Rather than view regulation as an onerous task, achieving compliance enables organisations to gain a competitive advantage. Indeed, as new regulations come into force, organisations are likely to find that many of their partners will require proof of compliance before doing business with them.

Achieving compliance with NIS2 and DORA will be a lengthy process, so getting started sooner rather than later is imperative. Additionally, the more resilient the organisation becomes against cybercriminals and risks, the easier it will be to pass regulatory audits.

The implications of DORA for API security
DORA is a crucial legislative framework that mandates operational resilience for financial institutions within the EU, such as banks, credit institutions, insurance companies or insurance intermediaries, pension funds, investment firms, payment service providers and e-money institutions.
WWW.INTELLIGENTCISO.COM 33