TheCorporateCounsel.net

April 8, 2024

Cybersecurity: Managing Multiple Regulatory Schemes

One of the things that makes cybersecurity compliance particularly challenging is the mosaic of privacy and data protection laws and regulations that companies have to comply with. This FEI Daily blog from two PwC partners offers some advice to companies on how to manage their cyber compliance efforts:

There are several regulations at the state, federal and international level that organizations, particularly multinationals, should be focused on: NY DFS 500, the California Privacy Protection Agency’s (CPPA) draft Cybersecurity Audit and Risk Assessment Regulations, the EU’s GDPR and the SEC cyber rules, to name a few. Additionally, there is the anticipated CISA cyber incident reporting rule, coming as soon as March 2024. This patchwork of regulations will likely continue to grow in complexity in the months ahead.

So, how can companies untangle this — and where is the most effective place to begin? Start with understanding which regulations apply to your organization. Then, rationalize the common requirements between them and implement no-regrets decisions to address those head-on. Then, take stock of unique requirements for various geographies. Lastly, engage in public policy to help influence future regulation.

In this evolving regulatory climate, companies that embrace this new era of transparency are likely setting themselves up for success. Those who shy away from transparency do so at their own reputational risk.

The blog also identifies some other cybersecurity trends to watch in 2024 and offers tips on how companies can boost their defenses. These include investing in tools that will permit companies to scale their cloud security efforts and leveraging generative AI in their threat detection and analysis as well as in their cyber risk disclosure and incident reporting processes.

John Jenkins