Managing regulatory complexity

Our cybersecurity partnership with Tanium

Vincent Colonna
Director, Cybersecurity and Privacy, PwC Switzerland

Wayne Jennings
Senior Manager, Cybersecurity and Privacy, PwC Switzerland

New regulation adds to the compliance jigsaw on cybersecurity facing organisations across Europe. Managing this complexity is increasingly challenging without a holistic approach.

Regulation relating to cybersecurity in Europe continues to evolve, requiring organisations to step up their compliance efforts. The Digital Operational Resilience Act (DORA) and the Network and Information Systems Directive (NIS2) came into force in January, adding to the pressure on many organisations across the European Union (EU) and beyond.

DORA is a new EU law that sets down uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector. It also covers critical third parties that provide information and communication technology services to these organisations, such as IT service operators, cloud platforms or data analytics services.

NIS2, meanwhile, builds on the existing NIS regulation aimed at operators of essential services in the EU, including many financial services businesses, energy and utility companies, as well as healthcare providers. It includes a number of distinct provisions relating to cybersecurity and significantly extends the range of sectors affected, making it a major project for a wide range of organisations in the European Union.


For in-scope organisations in the EU, including those in Germany and Austria, dealing with DORA and NIS2 adds to the complexity of compliance work. And for those in Switzerland caught by the new regulation – perhaps because they have EU entities – there is the added challenge of working out how DORA and NIS2 interact with the existing FINMA Circular 2023/1.

On DORA in particular, Swiss organisations will recognise the substantial overlap between the two pieces of regulation. For example, both include provisions relating to detection and monitoring, incident management, business continuity and disaster recovery, operational resilience, and third-party risk management. Broadly speaking, FINMA takes a more high-level approach while DORA is more specific about its requirements, but organisations will need to review both regulations carefully.

In some cases, there may even be contradictions or mismatches. That will require organisations to adjust their approach by business unit or geography to comply with the relevant regulation wherever they are operating. A holistic approach to compliance has to incorporate the ability to manage distinctive requirements in different territories.

Clearly, many organisations are going to need help navigating their way through this difficult terrain. They will naturally look to their technology and cyber partners for support as they seek to ensure ongoing compliance. All the more so given the increasing complexity and distributed nature of many organisations’ IT networks, which now span an ever-increasing number of endpoints.


One example of how such support can help is PwC’s partnership with Tanium. It’s a strategic alliance that enables organisations to map their endpoints in real time. In research undertaken last year by PwC, growing numbers of cyber professionals complained there was too much complexity in their technology, data and operating environments. That complexity is not sustainable if organisations are going to be able to manage their regulatory responsibilities effectively. Solutions such as the PwC-Tanium alliance will therefore be crucial.


Get in touch

Please reach out to us if you are interested in an exchange on how to utilise the PwC-Tanium alliance to gain visibility and reduce your complexity. It’s a vital step in managing and securing the enterprise environment – and in working towards compliance with regulation as it continues to evolve.



Contact us

Johannes Dohren

Partner, Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 22 20

Vincent Colonna

Director, Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 90 32

Wayne Jennings

Senior Manager, Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 29 68