AuditBoard reports that new regulatory measures impacting the UK, EU, and beyond are prompting organizations to heighten their focus on addressing cybersecurity and operational risks. The research conducted by AuditBoard indicates that 91% of respondents are concerned about cybersecurity threats to their organizations, with 86% acknowledging incidents within their industry over the past year.
With the continuous pressure on organizations to adopt more proactive and strategic compliance approaches, new regulations such as the Digital Operational Resilience Act (DORA), Network and Information Security Directive 2 (NIS2), and the EU AI Act are playing a crucial role in improving cybersecurity and operational resilience while ensuring responsible AI use. These regulations necessitate prioritization to avoid penalties but also present opportunities for companies to enhance their risk posture, refine operational workflows, and utilize technology in a more responsible manner.
Despite the importance of compliance updates, there is a noticeable discrepancy between executive perception of real-time insights and the operational reality experienced by practitioners. While 92% of executives claim to have real-time compliance posture insights, only 69% of management professionals share the same view. This disconnect underscores the challenge of translating perceived timeliness of data into operational effectiveness.
The impact of compliance efforts on professionals is substantial, with 90% of surveyed individuals citing that conforming to DORA, NIS2, and/or the EU AI Act will affect their workload. Infosec professionals are particularly feeling the burden, with 38% expecting significant impacts compared to risk management (29%) and IT professionals (28%). The expected increase in workloads could potentially heighten the risk of noncompliance as teams grapple with daily tasks.
Despite the prioritization of compliance with NIS2, only 52% of organizations report being fully compliant, while 44% aim to meet requirements by the end of the next year. Many organizations still have significant ground to cover in their compliance journey, including essential elements such as transparency measures, risk management frameworks, and comprehensive risk assessments.
Concerns regarding third-party AI use in compliance with the EU AI Act are widespread among professionals, with 83% expressing worries about potential implications. However, a majority (91%) believes that the EU AI Act will have a positive impact on their organization’s use and development of AI applications.
Karen Albert, VP of Internal Audit at Constellium, emphasized the importance of compliance with new regulations amid the escalating cyber threats. In line with this sentiment, Jason Sechrist, Director of Product Solutions, EMEA at AuditBoard, highlighted the efficacy of purpose-built technology in assisting professionals across all levels and functions to make informed decisions and efficiently execute compliance efforts.
In conclusion, the evolving regulatory landscape is pushing organizations to elevate their cybersecurity and operational risk management efforts. Compliance with key regulations is not only a legal requirement but also a strategic opportunity for companies to enhance their resilience and responsibility in an increasingly digital world. By leveraging technology and adopting proactive compliance strategies, organizations can navigate the complex regulatory environment and strengthen their overall risk posture.