Rules will nudge firms to take proper security measures

New approaches to cyber security, as well as new regulations, are driving increased interest at boardroom level

Michael Conway, managing director, Renaissance

Cybersecurity is, naturally enough, a fast-changing area as new technologies are developed. Indeed, as the threat evolves, what was top of the line just a few years ago can easily become not even close to enough.

Recently, artificial intelligence (AI) has risen to the top of the agenda. Perhaps surprisingly, as other forms of AI have long been in use in cybersecurity, there is a lot of buzz about large language model (LLM)-based generative AI.

“I was at RSA last week in San Francisco, and my take-away from that is that there is a lot of talk about AI. That’s where the noise is coming from, so I would expect to see development in that space: how LLMs are going to develop,” said Michael Conway, managing director of security services provider Renaissance.

“Proofpoint made an AI announcement recently, and that’s where we’re seeing the innovation and focus. People are building technologies around it. We’ll definitely see developments around that.”

Another factor having an impact on organisational behaviour is the regulatory landscape. This is particularly important in Ireland, where two new sets of regulations are soon to come into force: the Digital Operational Resilience Act (DORA) and the new Network and Information Security Directive (NIS2).

“Locally, and more immediately, NIS2 and DORA are the drivers in the marketplace at the moment and they are driving people to make decisions,” said Conway.

The practical result of clear regulations is that things actually get done, he said.

“If you talk to people, they often say ‘should I do this or do I have to do it?’. When it’s ‘have to’ it changes things: it’s driving cybersecurity into the boardroom because if you don’t do it, you’re no longer compliant.”

Indeed, NIS2 includes provisions for individual directors' responsibility in the event of a breach, with liability in the case of failure to maintain adequate risk oversight.

While the technology is changing all the time, though, cybersecurity options have long been available on the market.

The addition of regulations just ensures that people pay attention.

“Compliance is about forcing people to do what they should have been doing all the time,” Conway said.