Markets
A changing threat landscape and exponential digital transformation, coupled with society’s ever-growing reliance on digital technologies and increasing regulatory and legislative requirements, mean that investment in cyber and software resilience is no longer optional and NCC Group’s addressable market is growing. Market dynamics
Increasing regulatory and legislative requirements
Society’s ever-growing reliance on digital technologies
Changing threat landscape
Exponential digital transformation
A changing threat landscape The global geo-political environment fuels a buoyant cyber resilience market. Strategic competition is coming from China, and hostile threats from Russia, Iran and North Korea. This, coupled with emerging offensive capabilities in other nation states and organised crime groups, creates a volatile state of unpeace that organisations need to prepare for, navigate and defend against. As the scourge of ransomware emerges as a distinct threat to organisations of all sizes, and software supply chain attacks inflict mass disruption in all geographies, the real-world kinetic impact of recent cyber attacks has catapulted a deeper awareness of the threat to our digital lives into the mainstream. Society’s ever-growing reliance on digital technologies This has been exacerbated by exponential digital transformation. Software and cloud consumption, driven by the Internet of Things (IoT), has never been higher, and the digital supply chains upon which our connected environment depends have never been more complex and interdependent. And as the fall-out from ransomware attacks and technical outages alike has shown, we have never relied more on the smooth functioning of digital technologies than we do now.
Increasing regulatory and legislative requirements That means, too, that focus on and expectations of ensuring the continuity of essential services – and with it a renewed awareness of the crucial importance of digital business continuity planning – have increased significantly. And while citizens rightly expect organisations to act responsibly, so legislators and regulators have concluded that the defence and resilience of schools and hospitals, banks and insurers, water treatment facilities and gas pipelines are too important to be left to chance. As a result, we are seeing a global increase in the depth and breadth of mandated requirements with which organisations must comply to enter or continue operating in their respective markets. Cyber resilience measures are becoming an integral element of an organisation’s licence to operate. We are seeing evidence of this in the UK with the government’s proposed legislation for consumer IoT manufacturers, and the strengthening of security requirements for telecommunications companies. In the US, the government is taking forward software supply chain security measures by Executive Order and the Australian government is enhancing incident management for critical infrastructure operators, while the European Union is pressing ahead with expanding the scope of the Network and Information Security Directive. At the same time, we are seeing a growing convergence of cyber and software resilience as part of a broader trend towards digital operational resilience. Global financial regulators, from the Basel Committee to the UK’s Prudential Regulation Authority and Canada’s Office of the Superintendent of Financial Institutions, have updated their rules and guidance on technology, third party technology and cloud outsourcing arrangements. All acknowledge that the financial systems’ reliance on third party solutions presents risks that need to be mitigated before they fundamentally threaten the global financial system.
16
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Made with FlippingBook Converter PDF to HTML5