Cybersecurity regulation in 2023 – Critical infrastructure & mandatory disclosures
Cyber security is a complex environment in which firms and service providers often get lost in terminology, requirements and ethics.
To this end, national and state governments, along with business associations, have repeatedly initiated regulatory frameworks to help companies operate more effectively while protecting their own and their customers' assets in this complex and rapidly evolving landscape. According to Wikipedia, cybersecurity regulation comprises directives that safeguard information technology and computer systems, with the purpose of forcing companies and organizations to protect their systems, and the company and customer information on them, from cyberattacks. There are numerous measures available to prevent these attacks. Attempts to improve cybersecurity have taken two forms: binding regulation, and collaborative efforts between governments and the private sector that encourage voluntary improvements.
2022 saw sweeping changes announced by the UK government to boost resilience against online attacks. In the US, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was passed, requiring covered entities in critical infrastructure sectors, including banking, health care, energy and telecommunications, to report significant cyber incidents to CISA; note that the reporting obligation only becomes binding once CISA's implementing rule is finalized. As of January 1, 2023, Germany's Supply Chain Due Diligence Act (LkSG) requires companies with more than 3,000 employees (1,000 from 2024) to ensure that environmental and human rights standards are complied with across their supply chains; it is a due diligence law rather than a cybersecurity statute, but it adds supplier-oversight obligations that security and procurement teams will need to support.
ENISA, the EU Agency for Cybersecurity, now has a broader mandate. The EU Cybersecurity Act (Regulation (EU) 2019/881) makes the agency's mandate permanent and gives it more resources and new tasks in support of EU cybersecurity requirements; ENISA supports and coordinates rather than acting as an enforcement authority in the Member States.
ENISA will have a key role in setting up and maintaining the European cybersecurity certification framework by preparing the technical ground for specific certification schemes. It will oversee public information on the certification schemes and the issued certificates of compliance.
ENISA is mandated to increase operational cooperation at EU level, helping Member States that request support in managing their cybersecurity incidents and coordinating the EU response in the event of large-scale cross-border cyberattacks and crises.