Innovation vs. reaction – taking cybersecurity to the next level

Cyber resilience has become an absolute necessity in recent years as many regulations arrive from many different angles, most notably DORA, NIS2 and CRA (Cyber Shield in the US).

Despite growing investments, the degree of maturity in this area remains low, with significant disparities between organizations and sectors.

Our new cybersecurity benchmark* shows that overall company maturity is increasing, with the financial services sector leading the way with a maturity level of 60% (compared to an average of 53%).

What differences can be observed between highly regulated and unregulated industries?

Highly regulated industries such as finance, energy and life sciences tend to have greater cyber maturity due to heavy investment and regulatory control. In finance, this reflects traditionally high investment and regulatory controls, especially DORA, NIS2 and CRA (Cyber Shield in the USA).

If you operate in a regulated industry, you need to focus on effective, pragmatic testing that highlights maturity gaps and “convergent coverage.”

While unregulated industries are not yet under the same pressure, in the medium term it will be crucial that everyone does what is necessary, not what is required, when it comes to cybersecurity. Be on the lookout for future regulations, engage with broader industry groups to learn best practices from others, and use awareness campaigns, training and crisis exercises to emphasize the importance of cyber maturity for your organization.

Continuously improving compliance and resilience is critical. Establish strong program management, continually improve processes, secure funding and stay alert to future regulations.