DORA/NIS2 compliance can be a competitive advantage as well as an obligation
The advent of DORA and NIS2 has presented organisations with a challenge in how they respond to and deal with risk and resilience. However, a robust framework can ensure that regulatory compliance be more about consistency than evading sanctions.
TechCentral.ie editor Niall Kitson was joined by Moira Cronin, partner, digital risk, PwC; James Eason, practice lead, cyber risk & assurance, Integrity360; Trine Oksnebjerg, consultant director, Emagine; and Bill McCluggage, CIO expert at the Institute of Directors to discuss this topic at a recent webinar.
“If you look at all of the different forms of regulation there is commonality between them, but there’s are also differences. What’s happening now is that there’s there’s regulatory burnout, because organizations are looking at this going: ‘We have literally just been through operational resilience, and now there’s digital operational resilience’. We need to almost take a step back and say: ‘How can we build our own wall? ‘How can we actually, you know, protect the value within our own business,” said Cronin.
Eason added that comlpiance presents a vital opportunity to engage with bodies outside the organisation in a positive manner.
“Don’t think you’ve got a whole new wave of stuff in your intray. Take a step back, start to look at where the actual benefits are. Start to read between the lines and look at look at those beneficial elements, as I say, collaboration with regulatory bodies, government bodies, law enforcement, etc, so that when something occurs, you’re in a much stronger position to know what to do,” he said.
McCluggage raised the point that regulators need not be seen as punitive bodies. “The view of many businesses is that regulators are enforcers, that they’re there to stymie their business,” he said. “Regulators are there to bring benefit to the consumer, [and] to society, and therefore working with regulators, understanding their issues can help the business as well, participating in workshops, attending some consultations, or at least inputting into consultations… it’s a communication game between regulators and business.”
Oksnebjerg added that with new regulations come fresh challenges for regulators in managing communications and when to issue penalties. “We are so focused on all the organisations, of course, that needs to be compliant, but actually, the regulators are also finding their feet in in how to audit this new regulation,” she said.
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers