There is a multitude of regulations that businesses must comply with. But being ahead of regulations instead of chasing them gives businesses an advantage and is far less costly.
What does the survey show?
Forty-seven percent of the respondents indicate that they are highly able to comply with the government’s cyber regulations within IT, privacy and cybersecurity (e.g. GDPR, cyber data privacy and outsourcing). Forty-one percent indicate that they are able to do this to some degree, and 1% to a lesser degree. No one perceives that they are not able to comply at all, and 10% indicate that they don’t know.
The respondents were also asked if they find it easy or difficult to comply with these regulations. Twenty-nine percent find it easy, 32% find it difficult, and 37% find it neither difficult nor easy. No one finds it very difficult, and only 1% find it very easy.
Q: To what extent is your company able to comply with government regulations in IT, privacy and cybersecurity (e.g. GDPR, cyber data privacy, outsourcing)?
Q: How easy or difficult do you find it to comply with the government cyber regulations?
The proportion of businesses indicating that it is difficult to comply with government regulations is high – one third (no one finds it very difficult, though). Part of the explanation could be that regulations can be complex. There is a multitude of regulations that businesses within the financial sector need to adhere to and multiple regulators – that are not always aligned – to take into account.
The respondents were also asked about the effects of these regulations. There is a group of respondents that indicate that the regulations have resulted in an increased focus on cybersecurity in their organisation. Some of them indicate that the regulations have provided them with a framework for working with cybersecurity. Other respondents point to the stick effect of the regulations – getting fined if regulations are not complied with.
Then, there is a group of respondents indicating that the regulations have increased the bureaucracy. Some point to more administrative work. Others say that the regulations have made things more difficult, as they do not always agree with the regulations.
Not all of the businesses surveyed, however, see the regulations as having an impact. They indicate that they would have taken the measures anyway. This is positive. Businesses should be ahead of regulations instead of chasing them and being worried about them. This not only gives them an advantage in terms of cybersecurity but is also far less costly.
The bigger picture
Being ahead is worth it
It can be a difficult and complex task to manoeuvre within the multitude of cyber regulations within IT, privacy and cybersecurity – not least for businesses within the highly regulated financial sector. Many organisations find that they put a lot of focus here and the regulators continue to raise the bar, so it requires continuous attention. Thus, we see a trend towards working more with the implementation side to get cybersecurity to live as part of the organisation’s culture.
And it is very much worth complying with, and even being ahead of, regulations. Not doing so makes the business more vulnerable to cyber-attacks, and it can be a very costly affair getting fined. Moreover, there is the whole reputation risk. Getting fined for not complying with regulations can be costly in terms of money, but also in terms of reputation. It can seriously damage an organisation’s brand and credibility if it gets a big fine for not complying. The consequences of this can be severe as the customers can start doubting whether the financial institution is taking good enough care of the money. This can lead to the loss of customers.