Prepare for the future of cybersecurity regulation

Jan 27, 2023

With new EU cybercrime rules coming down the line, now is the time to step up your organisation’s ICT security strategy, writes Neil Redmond

Increased regulatory scrutiny is among the five most important ways businesses have been impacted since 2020, according to the Irish senior executives who participated in PwC’s Global Digital Trust Insight Survey 2023. Regulators are becoming increasingly cognisant of the risk posed by cyber threats to businesses and their customers.

As part of new legislation, the European Union (EU) aims to address cyber risks and information and communications technology (ICT) risks. By understanding these regulations and knowing how to prepare, organisations can act now to align with the requirements of new EU legislation.

Four key pieces of the new legislation are introducing additional requirements for business:

  • the Network and Information Security Directive Revision 2 (NIS2);
  • the Digital Operational Resilience Act (DORA);
  • the Digital Services Act (DSA); and
  • the Digital Markets Act (DMA).

How can your business best prepare to comply with these legislative changes? By taking the following key actions, you can ensure that your organisation is ready ahead of time.

1. Assess the maturity of your organisation’s cybersecurity

Reviewing your business’s systems and information security is critical to prepare for the upcoming regulations. Assessing your organisation’s cybersecurity and ICT risk management controls can provide executives with valuable information regarding the business’s cyber risk profile.

By finding potential compliance gaps in their cybersecurity, firms can improve their posture before legislation comes into force, mitigating the risk of non-compliance and subsequent consequences, such as brand damage and financial penalties.

2. Test your business’s operational resilience at the enterprise level

As part of a cyber maturity assessment, evaluating the organisation’s resilience to disruptive events will be key in preparing for upcoming regulations.

While executives may believe that their business is robust and can continue to operate in adverse circumstances, the testing of business continuity and disaster recovery plans allows businesses to measure their resilience and continuously enhance their cybersecurity posture.

The first step is to ensure that the organisation has contingency plans for different scenarios. These scenarios should be exercised and iteratively improved to ensure that they are fit for purpose.

Examples include switching failing systems to backups or simulating a response to a malware attack on your network. All relevant stakeholders, including third parties, should participate in the testing of contingency plans—in today’s world of sophisticated threat actors, executives must ensure that their entire business is ready to respond.

3. Enhance your incident reporting processes

A cornerstone of NIS2 and DORA is reporting ICT and cyber incidents. Businesses need to review their existing reporting channels and procedures, implementing processes to monitor, log, classify and report on incidents consistently.

An effective way to ensure that reporting is standardised and complies with regulatory requirements is to centralise incident reporting across the organisation. Establishing formalised processes for managing reported incidents can support businesses in fulfilling their regulatory obligations.

Furthermore, the DSA and DMA will require organisations to report to authorities regularly. National Digital Service Coordinators will be established, and they will be responsible for compliance monitoring. Reporting to new supervisory bodies will be a feature of these upcoming legislative changes—a trend likely to be seen in future regulations.

4. Analyse and understand your ICT and third-party cyber risk

Today’s business world is deeply interconnected, with organisations often relying on a wide network of suppliers to conduct business. Reliance on third parties can increase the organisation’s susceptibility to cyber-attacks, increasing both the attack surface available to threat actors and the potential for attacks to affect operations significantly.

Regulators have grown concerned about gaps in organisations’ third-party risk management processes in recent years as businesses become increasingly reliant on third parties. NIS2 and DORA build on existing guidance and legislation, such as NIS1 at the EU level and the Central Bank of Ireland’s Operational Resilience Guidelines and Guidance on Outsourcing at the national level.

In particular, DORA will set out many provisions for businesses to report on the ICT risks stemming from their dependency on third parties, requiring them to describe this reliance in detail.

Analysing your business’s exposure to cyber risk through the lens of third parties is a key means of securing your customers’ data and satisfying regulators.

Neil Redmond is Director of Cybersecurity Practice at PwC Ireland

© Copyright Chartered Accountants Ireland 2020. All Rights Reserved.
