Eoghan Daly, Partner and Head of Cybersecurity, recently featured in The Irish Times Special Report on Cybersecurity.
The operational and reputational damage inflicted by a cyberbreach is bad enough, but there is also the prospect of regulatory punishment. All organisations are covered by GDPR to one extent or another, financial entities have to comply with the Digital Operational Resilience Act (DORA), and organisations designated as essential or important entities are governed by NIS2 as well. Then there is the EU Cyber Resilience Act (CRA) and, of course, the earlier EU Cybersecurity Act. Sanctions can be harsh: under GDPR, fines can be as high as €20 million or 4 per cent of a company's global annual turnover, whichever is higher.
But how can organisations keep pace with these regulations and ensure they don’t fall foul of them?
According to Eoghan Daly, partner and head of cybersecurity with BDO Dublin, regulation, while cumbersome, serves as a critical driver for organisations to prioritise security, moving it from a technical IT problem to a boardroom-level priority.
Regulations like GDPR, DORA, and NIS2 set minimum standards for data protection and operational resilience, ensuring that organisations take concrete steps to protect sensitive information and critical infrastructure. Without these regulations, many organisations might not invest sufficiently in cybersecurity, leaving them and their customers vulnerable. The rules create a framework of accountability, which is essential for building public trust in a digital economy.
Yet the sheer number and complexity of the regulations can be hugely challenging, especially for organisations operating in multiple jurisdictions.
Companies often face challenges like resource constraints, a lack of skilled personnel, and the need to constantly adapt to evolving rules.
Read the full article by Danielle Barron in The Irish Times.