NCC Group plc Annual Report 2022

Increasing regulatory and legislative requirements

3

Following developments in recent years, the rapidly evolving threat landscape is reflected, too, in a significant increase in more interventionist government regulation of cyber security and resilience all around the world. As the concept of a “whole-of-society” approach becomes a fundamental element of Western governments’ responses to the cyber challenges of the 21st century, we are seeing widespread attempts to re-write the rulebook for many sectors that are essential to the functioning of modern societies and economies. This includes:

• The introduction of minimum security and safety standards for connected devices in consumer homes and enterprise environments, as well as for near everything else we have come to accept as a given in our digital world – from smart electric vehicle charge points to the app stores on our mobile phones
• The strengthening of organisational cyber security, and organisations’ incident reporting requirements, driven predominantly via reform of the Network and Information Systems (NIS) Directive in Europe but also through Security Legislation in Australia, and the Cyber Incident Reporting for Critical Infrastructure Act of 2022 in the United States, amidst an ever-growing focus on how effectively to regulate supply chain security and meaningfully direct organisations’ responses to ransomware attacks
• The professionalisation of cyber security service provision itself as the crucially important role of our industry in underpinning the global digital growth agenda is ever-better understood

Add to these general trends specific sectoral developments, and more widely relevant undertakings, and it is easy to conclude that we are but at the foothills of what the future cyber regulatory landscape will look like. This includes:

• Demands on financial institutions to adopt a “resilience by design” approach to managing their third party technology risk
• Central banks’ desire to develop stable and secure digital currencies
• Efforts to introduce secure digital identities in the public sector and beyond
• Debates about standards for quantum-resistant cryptography
• Proposals to govern and assure the ethics and cyber security of artificial intelligence
• Discussions to restructure international data transfers to safeguard privacy

Moreover, this increasingly complex global regulatory landscape is complicated further by geopolitics-fuelled competition over evolving standards for new and emerging technologies, all of which organisations will have to navigate successfully in pursuit of their broader objectives. In fact, cyber resilience is a key component of ESG and sustainability measures, which make knowledge of and compliance with required governance an integral element of any organisation’s licence to operate.

As organisations will increasingly rely on trusted partners to help them to secure their future growth and navigate the maze of horizontal, sectoral and internationally overlapping rules, standards and laws, we believe that organisations like NCC Group that advocate for evidence-based and future-proof regulations that materially improve security and resilience outcomes, and that deeply understand the evolving policy landscape and respond to organisations’ changing needs with relevant research, product development and new propositions, are well placed to meet this growing demand globally.

“Cyber resilience is a key component of ESG and sustainability measures, which make knowledge of and compliance with required governance an integral element of any organisation’s licence to operate.”

Katharina Sommer, Head of Public Affairs

NCC Group plc — Annual report and accounts for the year ended 31 May 2022
