The introduction of DORA and NIS2 has presented organisations with a challenge in how they should respond to and deal with cyber risk and resilience. Yet, according to experts, having a robust framework can ensure that regulatory compliance can be more about consistency than evading sanctions. This article was originally posted on TechCentral.ie.
In a recent webinar hosted by TechCentral.ie, editor Niall Kitson was joined by an expert panel including Moira Cronin, Partner, Digital Risk, PwC; James Eason, Practice Lead, Cyber Risk & Assurance, Integrity360; Trine Oksnebjerg, Consultant Director, Emagine; and IoD Faculty Member and CIO Expert, Bill McCluggage to discuss the advent of DORA and NIS2.
"If you look at all of the different forms of regulation there is commonality between them, but there's also differences. What's happening now is that there's regulatory burnout, because organisations are looking at this going: 'We have literally just been through operational resilience, and now there's digital operational resilience'. We need to almost take a step back and say: 'How can we build our own wall? How can we actually, you know, protect the value within our own business?'," notes Cronin.
Eason also noted that compliance presents an opportunity for directors and board members to engage with bodies outside the organisation in a positive manner.
"Don't think you've got a whole new wave of stuff in your intray. Take a step back, start to look at where the actual benefits are. Start to read between the lines and look at those beneficial elements, as I say, collaboration with regulatory bodies, government bodies, law enforcement, etc, so that when something occurs, you're in a much stronger position to know what to do," he said.
Bill McCluggage goes on to raise the point that regulators don't need to be viewed as punitive bodies. "The view of many businesses is that regulators are enforcers, that they're there to stymie their business," he comments. "Regulators are there to bring benefit to the consumer, [and] to society, and therefore working with regulators, understanding their issues can help the business as well, participating in workshops, attending some consultations, or at least inputting into consultations... it's a communication game between regulators and business."
Oksnebjerg also added that new cyber security regulations come with fresh challenges for regulators in managing communications and when to issue penalties. "We are so focused on all the organisations, of course, that needs to be compliant, but actually, the regulators are also finding their feet in how to audit this new regulation," she said.
The full webinar can be watched on the TechCentral.ie website and on their YouTube channel.
Cyber Security Fundamentals for Directors
Examine the key questions directors should ask their executive teams and advisors in light of DORA and NIS2.