44% of Cybersecurity Professionals Struggle with Regulatory Compliance

Around half (44%) of cybersecurity professionals struggle to comply with cybersecurity legislation because it is complex and time-consuming, research from Infosecurity Europe has found.

The survey of 200 IT security decision makers analysed perspectives on 12 cybersecurity-related regulations either in force or soon to be enforced, including the US Sarbanes-Oxley Act (SOX) and the EU’s NIS2 directive.

Regulations such as SOX were considered ‘very complex’ to comply with by 41% of respondents.

Additionally, three-quarters said the UK’s Data Protection Act (DPA), NIS/NIS2 and the EU Cybersecurity Act were ‘somewhat complex.’

Only with SOX and the EU Cybersecurity Act had over 50% of organisations achieved full compliance, highlighting the difficulties faced in staying up to speed with growing regulatory obligations.

Just 0.50% of respondents said that none of the 12 regulations applied to their organisation.

Compliance a Key Focus at Infosecurity Europe 2024

This year’s Infosecurity Europe conference will shine a spotlight on the critical challenges of compliance and regulation and offer best practice advice on staying ahead of this evolving landscape.

Included in the programme will be a talk by Rohan Massey, partner at Ropes & Gray LLP, taking place on the Keynote Stage on Wednesday 5 June from 11.50-12.15.

In his keynote titled ‘A cybersecurity legislation update – what is coming down the tracks next and how will it affect you,’ Massey will discuss how to anticipate future regulatory changes and their impact on businesses. These include the NIS2 regulations, which will come into force from October 2024, and what else is likely to become law.

Additionally, he will examine how compliance strategies differ between industry sectors and how businesses can manage the different levels of complexity.

Massey commented: “Navigating the ever-shifting landscape of digital and cybersecurity legislation is paramount for businesses striving to maintain compliance and resilience. As we look ahead to Infosecurity Europe 2024, I’m eager to discuss the imminent changes on the horizon, including the impactful NIS2 regulations, and delve into their implications for operational strategies.

“From examining global legislative trends to deciphering the intricacies of compliance across industry sectors, my aim is to equip organisations with the knowledge and insights needed to stay ahead of the curve.”

Massey is renowned for his expertise in cybersecurity legislation and is a trusted advisor to many of the world’s largest corporations and private equity funds, focusing on complex data protection and cybersecurity issues.

He has also advised on a number of leading breach data management cases and has assisted clients in successfully obtaining BCR approval from EU regulators.

Nicole Mills, event director of Infosecurity Europe, emphasised the urgent need for organisations to enhance their compliance strategies today.

“Regulation continues to play a crucial role in cybersecurity – driving improvements, protecting sensitive data, fostering accountability, promoting resilience, driving innovation, addressing global challenges and building trust in the digital economy,” stated Mills.

“Yet, our research found that regulatory compliance is a hurdle that most organisations are yet to overcome. We eagerly await Rohan Massey's keynote at Infosecurity Europe 2024. His insights will undoubtedly provide invaluable guidance for businesses striving to enhance their compliance efforts and bolster their cybersecurity resilience,” she added.

Infosecurity Europe 2024 is taking place from 4 to 6 June 2024 at the ExCel, London, under the theme ‘Rethink the power of infosecurity.’

For more information and to register, visit Infosecurity Europe.