Legislation Incoming: How Prepared Is the Cybersecurity Community?

Greg Day


Category: CSO Perspective

It’s hard to miss the spotlight shone on the cybersecurity industry recently. There’s been a procession of infamous, high-profile cyberattacks. At the same time, organisations are being required to comply with tougher data protection regulations that, in the case of the EU GDPR, will be enforceable from May 2018.

So, what’s the state of mind, and level of preparedness, of Europe’s cybersecurity professionals as they respond to the dual pressures of cyberattacks and regulatory change?

To find out more, we spoke with 1,000 cybersecurity professionals across France, Germany, the Netherlands, Sweden and the U.K. In particular, we were interested to find out how the need for greater cyber protection might be putting additional pressure on the relationship between cybersecurity and broader business leadership.

The research identifies who takes responsibility for cybersecurity now, and the commercial impacts of the attacks faced by industries. Cybersecurity is a team effort; no one department can ensure its success if the others aren’t on board. Some of our key findings are below, and you can also access the full report: “State of the Cybersecurity Nation: Legislation and Europe’s Security Professionals.”

Accountability and Awkward Conversations

Among the findings, 48 per cent of respondents believed it is the IT manager who is accountable for cybersecurity, yet a third of participants felt it is the CISO or CSO who should be responsible for it, and for the sometimes awkward conversations with senior management surrounding security issues. After the implementation of new legislation, 47 per cent are expecting to face this scenario.

A top reason for the most awkward conversation with senior management is that something has happened due to human error, potentially causing embarrassment for staff reporting the breach to their bosses. In a small – but telling – finding, the third most common reason for not reporting a breach was that the person responsible was a member of senior management.

Positivity and Resilience

Our research has highlighted that, despite the pressures, the response to cyberattacks is largely positive and resilient. More than half of respondents (60 per cent) said the effects of a cybersecurity incident would provide staff with an opportunity to learn and come back stronger.

When it comes to new legislation, cybersecurity professionals seem ready to raise the bar and use regulatory compliance to drive improvements, adopting and fostering stronger prevention strategies and operational cybersecurity cultures.

You can find the full report on the research at “State of the Cybersecurity Nation: Legislation and Europe’s Security Professionals”, as well as a few of our strategies for success in improving the communication around cybersecurity.
