The compliance deadlines for NIS2 and DORA are imminent, highlighting the increased importance of cybersecurity. However, to truly thrive, we need to combine regulation and innovation, to move beyond the status quo and anticipate future technological advances. In short, we need to combine prediction and cybersecurity.
The deadlines for compliance with NIS2 and the Digital Operational Resilience Act (DORA) are fast approaching. Cybersecurity regulations are now a central concern for many companies. The NIS2 and DORA initiatives promise progress for Europe in terms of cybersecurity. However, to truly transform the global cybersecurity landscape, one essential ingredient appears to be missing: foresight. Certainly, regulation responds to specific needs, but that doesn’t mean it can’t be visionary. Currently, industry leaders are often at a loss when it comes to new technologies and face a major challenge as innovation evolves faster than regulation.
Driven by uncertainty
If the recent discussions at Davos have taught us anything, it’s that IT and political leaders put regulation on their agendas out of fear, not out of a desire for change. What they fail to consider is that regulation and innovation can work together to move us forward at a much faster pace and with less risk. The regulatory process is cyclical: it is based on a standard that develops in response to existing technology and is therefore, in many respects, predictable. Moreover, AI-based 5G illustrates the type of technology that will require new regulations, especially as it evolves towards 6G and a host of new features.
Regulation plays an active role in technology development, as it enables companies to move from simple incident response to more complex strategic planning. However, it must be recognized that regulation does not encourage them to innovate. On the contrary, it simply requires them to respect the status quo.
Real innovation comes from market players and managers who completely rethink their approach to gain competitiveness and achieve better results. A company specializing in the production of food and beverages will usually prioritize technologies that will improve production processes rather than safety. But with such a limited perspective, will it miss a real opportunity? Affected companies often view regulation only as a compliance exercise, rather than thinking about how it could help them modernize their operations and create new opportunities. They tend to apply it only after a “Titanic moment”, when a ship that should have been unsinkable goes down, or because failing to apply these regulatory provisions would put them at risk of non-compliance. In this context, regulation acts as a catalyst to accelerate the technological development of companies, whose first priority is to remain operational, sell, manufacture and manage other non-security aspects of business.
A visionary spirit
Indeed, regulations play an important role in advancing knowledge and understanding, and in establishing greater limits, controls and reporting. But this alone cannot help businesses keep up with the pace of technological change and innovation we are currently facing.
As things stand, regulation is unlikely to help improve global security. Without a long-term vision and encouragement of innovation, it will never achieve the kind of global security that will allow us to move beyond the status quo. Although it serves to protect companies that are less focused on solving problems and more focused on progress, it is certainly not enough to make changes happen on a larger scale.
To truly drive innovation in cybersecurity, it must be accompanied by regulations that encourage companies to modernize at the pace of new technologies. This will require a lot of foresight, but leaders cannot stick to the status quo if the next ten years are anything like the last.
__________________________
By Nathan Howe, innovation director at Zscaler