Cybersecurity Regulations & Compliance
As regulations around the world increase to harmonize systems and join forces to strengthen cyber resilience and combat cyber attacks of all kinds, the information and guidelines can be overwhelming.
This is why we have created dedicated articles and resources to help organizations align with their regional duties regarding incident reporting and security measures. Scroll down for our NIS2 action plan as well as guidelines for every active IT security legislation.
until the new Digital Operational Resilience Act (DORA)
NIS2 Risk Calculator
Following NIS2's enforcement, are you aware of your risk and implications? Use the below calculator as a guideline.
NIS2
Under the latest NIS2 directive due on October 17th, 2024, organizations are required to take several measures to ensure the security and resilience of their networks and information systems.
Risk management, technical and organizational measures as well as incident reporting will all be part of this law enforcement throughout the EU.
What’s a key tool for advanced security monitoring? How can you best comply and avoid the penalties? Download the NIS2 action plan and compliance checklist below or read our extensive blog.
DORA
Entered into Force: January 16, 2023
Regulation application: January 17, 2025
The EU Commission's regulation Digital Operational Resilience Act (DORA) that came into force on 16.01.2023 affects all regulated financial companies in the EU and translates into several actions around IT systems and incident reporting.
What are the implications of DORA for Swiss companies? How can companies best fight cyber threats in this scope?
ISG
The recent Information Security Act (ISG) in Switzerland bundles the relevant legal bases for cybersecurity in one law and leads to a fundamental restructuring of cybersecurity by the federal government.
Directives on IT security, how the federal government can order audits and the responsibilities for dealing with major IT attacks are highlighted in our blog. Read about the reporting duties, deadlines and fines below.
From the Perspective of a Data Scientist
"It’s impossible to completely secure an organization against cyber-attacks. At some point, attackers will successfully compromise nearly any organization.
Thus, the relevant question is, can an organization detect and mitigate a cyber -attack before their data is stolen and encrypted?"
- Dr. sc. David Gugelmann, Co-CEO @ Exeon Analytics
What Should You Do Today?
Below is a to-do list grouped into four focus areas to provide organizations with an overview of best practices towards the compliance for all regulations mentioned above.
By completing these four steps, your organization will not only reach higher levels of corporate and IT security, but you will also save time and costs on reactive measures and potential penalties through complete processes, planning and adequate tools.
1. Analyze and assess your security risks:
- Conduct a comprehensive risk assessment to identify potential threats and vulnerabilities.
- Prioritize risks based on their likelihood and potential impact on the organization.
- Develop a risk management plan outlining strategies for prevention, detection, identification, containment, mitigation, and incident response.
2. Ensure business continuity and crisis management:
- Develop and regularly update a business continuity plan to ensure your organization can continue its critical operations in the event of a disruption.
- Establish crisis management procedures to respond effectively to unexpected incidents, such as cyberattacks, natural disasters, or other emergencies.
- Conduct regular drills and simulations to test the effectiveness of the business continuity and crisis management plans.
3. Ensure security in third-party procurement, development, and maintenance of networks and information systems:
- Implement a robust vendor risk management program to assess and monitor the security practices of third-party vendors.
- Include security requirements in procurement contracts to ensure vendors adhere to the organization's cybersecurity standards.
- Regularly audit and assess the security posture of third-party systems and networks.
4. Test and evaluate the effectiveness of IT security risk management measures:
- Conduct regular penetration testing and vulnerability assessments to identify weaknesses in the organization's IT systems.
- Implement security awareness training programs for employees to reduce the likelihood of human error leading to security incidents.
- Establish key performance indicators (KPIs) to measure the effectiveness of security measures and regularly review and update security protocols based on the findings.
Result: You Can Achieve Cyber-Resilience
By addressing these tasks, you can enhance your company’s overall cybersecurity posture, reduce the risk of security incidents, and be better prepared to respond to and recover from any potential disruptions. Regular monitoring, evaluation, and updating of security measures are crucial in the ever-evolving landscape of cybersecurity threats.
Consultancy and Guidance on IT Security
Are you uncertain of the required actions for your organization or wish to discuss the details of these regulations with a security expert?
We invite you to share your requirements and concerns directly, and we will propose solutions.
As Written by our Security Experts
As a passionate and interdisciplinary team of security specialists data scientists, white hat hackers and business professionals, we’ve accumulated a wealth of knowledge on cybersecurity regulations.
By maintaining frequent communication and engaging in discussions with industry leaders and decision-makers in IT security, our goal is to translate these insights into relevant and captivating blog posts for you. Explore our latest blog posts below and feel free to get in touch with the authors for comments and questions.
23.08.2023
How NIS2 and ISG Shape Cybersecurity in Switzerland & the EU
Various national and EU-wide regulations have tightened cybersecurity monitoring and reporting requirements for companies. This makes it essential to prioritize the monitoring, detection and reporting of cyber incidents. Read how to achieve compliance and what the ISG (Informationssicherheitsgesetz) requires companies to establish within an ISMS.
20.09.2023
Everything EU & Swiss Companies Should Know About DORA (Digital Operational Resilience Act)
The EU Commission's regulation Digital Operational Resilience Act (DORA) was published as a law affecting financial enterprises – read about how it affects Switzerland and the EU, as well as proposed IT security measures.
05.05.2023
Navigating the Impact of NIS2 on Network Monitoring for Critical Infrastructure: A Comprehensive Guide
The updated Directive on Security of Network and Information Systems (NIS) presents numerous challenges for critical infrastructure operators, particularly in terms of complying with the new requirements and adapting to the evolving cybersecurity landscape. CCO Gregor Erismann provides corporations with critical details about the new EU-wide cybersecurity legislation.