Compliance is evolving — Is your resilience ready?

  • July 18, 2025
  • Roubens Andy King

Life is changing fast for privacy professionals.

A decade ago, our focus was making sure our organizations were being transparent and thoughtful about collecting individuals’ personal data and giving them choice about the handling of their data, meticulously safeguarding it, and advising on obligations and best practices in the event personal data was compromised.

Today, I still do all these things, but as the cyber security regulatory environment has changed, my scope has grown to include not only keeping personal data private, but also how to handle threats to the integrity and availability of the services processing that personal data.


This means I spend a lot of time with Cloudflare product and engineering teams on matters related to the availability and resilience of our products. We work on developing ways to measure the effects of outages, determining which incidents must be reported and, when necessary, actually shaping the report and response.

I’m not alone in perceiving a shift in the privacy and compliance world. More than 80% of privacy professionals are tasked with working beyond their more traditional privacy duties, according to the International Association of Privacy Professionals’ 2024 Privacy Governance Report.

Cyber security regulatory compliance has become the second-most-common new responsibility among respondents whose remits are growing. In addition to protecting privacy, we now need to ensure our organizations are reducing cyber risks and enhancing resilience.

Emily Hancock

Navigating new regulations

The change in the role of privacy professionals reflects a major shift in the data regulation environment. Over the last two years, a series of new regulations has made resilience and risk management as essential to compliance as data privacy always has been.

Starting with the European Union’s General Data Protection Regulation (GDPR), the first wave of major data privacy and security regulations focused on protecting individuals from the harm of having their data compromised.

Compliance with GDPR, the California Consumer Privacy Act, and other similar regulations meant respecting the rights of data subjects, limiting the amount of personal data organizations collected, and protecting that information from unauthorized disclosure and bad actors.

Three new regulations

Three new regulations that have taken effect since 2023 are representative of how compliance is changing: the Network and Information Security 2 (NIS2) directive, the Digital Operational Resilience Act (DORA), and the U.S. Securities and Exchange Commission (SEC) Cybersecurity Rule.

In Europe, NIS2 aims to improve digital resilience and security practices across 18 sectors, while DORA focuses on risk in IT management in the financial sector. The SEC’s new rule raises security and reporting standards for publicly traded American companies.

Because it covers so many industries across all of Europe, NIS2 may have the broadest impact of the three. NIS2 challenges organizations to assess risk more thoroughly, handle incidents more quickly, and do more to ensure business continuity. NIS2 requires organizations to address:

  • The visibility of all IT assets across environments, enabling comprehensive risk assessment and proactive incident handling.
  • The security of the software supply chains that support critical systems.
  • Security across the entire lifecycle of network and information systems.
  • The vulnerability of mission-critical web applications to third-party threats.
  • Encryption, access control, and authentication for a range of user types, devices, and systems.

Security, privacy, and resiliency requirements

NIS2 also imposes those security, privacy, and resiliency requirements on a wider collection of industries and organizations than its predecessor, the original Network and Information Security Directive (“NIS”). NIS applied to several sectors that function as crucial national infrastructure, including energy, transportation, banking and finance, water, and healthcare.

NIS2 adds wastewater management, the space industry, public administration, and managed business-to-business IT services to that group. It also adds six new industries to the “important” category: waste management, food processing, research, post and courier services, chemical production and distribution, and certain types of manufacturing.

Firms in both categories face the same basic requirements, but NIS2 mandates that organizations in essential sectors proactively demonstrate compliance. Crucially, NIS2 requirements also flow through covered organizations to the third-party data processors they employ.

Under NIS2, medium-sized organizations (those with more than 50 employees or €10 million in annual turnover) in essential or important sectors in the EU are now subject to exacting security standards. Failure to comply has potentially ruinous consequences: fines of up to 2% of global revenue for “essential” sector firms and 1.4% for “important” ones. Persistent non-compliance can lead to suspension of services or responsible employees.

The net effect: more companies in more industries are subject to rigorous security and resiliency standards. And privacy teams play a key role in helping meet those requirements.

Building on existing privacy investments

Many of the organizations covered by NIS2 are addressing stringent cyber security regulations for the first time. They’re doing so while also managing the complexity that confronts all of us in modern IT as they operate across on-premises systems, cloud computing deployments, and edge devices.

NIS2 identifies 10 risk management measures that covered entities must take. They include assessing and planning for a wide range of hazards, from supply-chain vulnerabilities and natural disasters to network outages and human error. That complicated mix of risks crisscrosses the physical and digital worlds.

But there’s good news for covered organizations and the privacy teams stretching themselves to ensure compliance: Many of the efforts they’ve already taken to build mature, comprehensive privacy programs can be leveraged to aid in compliance with cyber security regulations.

For instance, NIS2’s risk assessment mandates require covered firms to inventory all assets in their IT estates. DORA does the same for companies in finance. Existing data maps developed for privacy purposes give organizations a head start on understanding their asset collections and the risks facing them.

Privacy teams play an essential role in meeting the incident handling demands of NIS2 and other new regulations. For example, we help determine when incidents meet the reporting threshold and work with observability teams to ensure our organizations have the data we must share with regulators and the public.

Achieving compliance without adding complexity

However sturdy your foundation, meeting NIS2’s mandates presents new technological challenges. For many organizations, business continuity depends on continuous availability of web applications. That means protection against distributed denial-of-service (DDoS) attacks at the network, transport, and application layers.

Covered firms also have a new level of accountability for the security of the third-party apps they use and the software supply chain underlying their stacks. The stiff penalties for non-compliance make the fundamentals of cyber security more important than ever: pre-empting phishing and malware attacks, access control and management, and the appropriate use of cryptography, encryption, and multi-factor authentication (MFA).

There’s no single system or piece of software that can take on those challenges. It’s a matter of strategy — a mix of technology, policy, procedure, and ingenuity. But the tools do matter. And choosing security solutions suited to the evolving regulatory environment can reduce complexity and cost as organizations pursue compliance.

Three key questions to ask

Here are three key questions to ask as you assess cyber security solutions in light of NIS2:

1. Are these solutions versatile enough for complex IT environments? There are point solutions that may be well suited to individual aspects of NIS2 compliance, but weaving several of them into hybrid environments can complicate management and leave security gaps.

2. Do they make visibility simpler? Inventorying IT assets, identifying potential security issues, and quickly investigating threats are essential to NIS2 compliance. The right security platform will deliver visibility and reporting on demand.

3. Are they built for business continuity? Interruptions to web applications threaten essential services. Look for solutions that reduce web downtime with multiple layers of protection against attacks.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
