Expectations of basic cyber practices are being raised industry-wide, as we see with the introduction of GDPR for businesses. It requires businesses to implement strict data privacy practices, provide clear data usage disclosures and obtain user consent. Cyber Essentials is also an important framework for ensuring a minimum level of cyber security. It acts as a simple and accessible cyber regulation framework to help organisations of all sizes and industries protect themselves against common cyber threats. By focusing on basic security hygiene, it aims to significantly reduce the risk of cyber-attacks.
Tightening compliance regulations, including the NIS2 Directive and the EU’s Digital Operational Resilience Act (DORA), are reshaping organisational cyber security. The NIS2 Directive mandates higher standards for essential service providers, including accountability for executives and significant penalties for non-compliance. Executives now face direct economic responsibility if a breach occurs under their oversight, leading to a shift in cyber security decision-making at the board level. PwC’s 2025 Global Digital Trust Insights Survey reported that 96% of executives claimed regulatory requirements are a key factor in prompting investments to bolster security measures.
DORA introduces comprehensive requirements for financial institutions to bolster risk management, incident reporting, and third-party provider oversight. This regulatory shift underscores the need for proactive risk management and supply chain security, with compliance increasingly becoming integral to business resilience. Over 75% of executives recognise that compliance with new regulations has improved or matured their cyber security posture.
As compliance expectations rise, cyber insurance costs are projected to increase, with insurers requiring proof of strong cyber security practices. The Cybersecurity Maturity Model Certification (CMMC) 2.0, for example, requires contractors to meet stringent standards, pushing businesses large and small to strengthen their security measures.