IT Brief UK - Technology news for CIOs & IT decision-makers
43% of organisations struggle with cybersecurity compliance

Wed, 15th May 2024

Infosecurity Europe, Europe’s leading information security event, has disclosed that 44% of organisations are struggling with the complexity and time-consuming nature of cybersecurity legislation compliance. This revelation is based on a recent survey conducted among IT security decision-makers. The survey highlighted significant challenges, with numerous regulations such as the Sarbanes-Oxley Act (SOX) being perceived as particularly complex, while others like the Data Protection Act (DPA), the Network and Information Systems Directive (NIS/NIS2) and the EU Cybersecurity Act were also considered somewhat complex by over 75% of respondents.

Rohan Massey, a Partner at Ropes & Gray LLP, is set to deliver a keynote address at Infosecurity Europe, to be held at ExCeL London from 4-6 June 2024. Massey’s session, titled “A cybersecurity legislation update - what is coming down the tracks next and how will it affect you?” is scheduled for Wednesday, 5 June, from 11:50 to 12:15. He will shed light on impending regulatory changes and their implications for businesses, providing essential insights into the future landscape of cybersecurity legislation.

Massey commented on the current state of compliance, saying, "Navigating the ever-shifting landscape of digital and cybersecurity legislation is paramount for businesses striving to maintain compliance and resilience. As we look ahead to Infosecurity Europe 2024, I'm eager to discuss the imminent changes on the horizon, including the impactful NIS2 regulations, and delve into their implications for operational strategies."

The survey revealed significant hurdles for businesses, with only a few organisations achieving over 50% compliance with SOX and the EU Cybersecurity Act. Massey's keynote aims to equip organisations with the knowledge needed to manage these challenges. He will elaborate on global legislative trends, the nuances of compliance across different industry sectors, and the specific contrasts between UK and EU regulations.

"During my keynote, I’ll look forward and explore what’s likely to become law, touching on how other countries are looking to regulate cybersecurity and the digital environment. I’ll also navigate the nuances of UK vs EU compliance. Together, we can chart a course toward enhanced cybersecurity resilience in an era of unprecedented change," Massey added.

Nicole Mills, Event Director of Infosecurity Europe, underscored the importance of regulatory compliance in cybersecurity, asserting, "Regulation continues to play a crucial role in cybersecurity—driving improvements, protecting sensitive data, fostering accountability, promoting resilience, driving innovation, addressing global challenges, and building trust in the digital economy."

Mills further noted the survey's findings on the ongoing struggles with regulatory compliance: "Yet, our research found that regulatory compliance is a hurdle that most organisations are yet to overcome. We eagerly await Rohan Massey's keynote at Infosecurity Europe 2024. His insights will undoubtedly provide invaluable guidance for businesses striving to enhance their compliance efforts and bolster their cybersecurity resilience."

Beyond his upcoming keynote, Massey has extensive experience advising multinational corporations and private equity funds on complex data protection and cybersecurity issues. His expertise is particularly valuable in understanding the extra-territorial scope of national data protection laws and managing data transfer issues for global organisations. Massey has also been instrumental in several high-profile breach data management cases and has successfully guided clients in obtaining Binding Corporate Rules (BCR) approval from EU regulators.