Infosec pros struggle under growing compliance

The implementation of new regulatory measures affecting the UK, EU, and beyond is driving organizations to enhance vigilance in addressing evolving cybersecurity and operational risks, according to AuditBoard.

The research showed 91% of respondents report feeling concerned about cybersecurity threats to their organization, and 86% are aware of incidents within their industry in the past year.

Compliance pressure grows among organizations

Organizations are under constant pressure to adopt more proactive and strategic approaches to compliance. To accomplish that goal across the UK, EU, and beyond, new and updated regulations or frameworks like the Digital Operational Resilience Act (DORA), Network and Information Security Directive 2 (NIS2), and the EU AI Act share a common purpose: improve cybersecurity and operational resilience while ensuring responsible AI use.

These regulations require prioritisation to avoid penalties. They are also opportunities for companies to strengthen their risk posture and improve operational workflows and processes while using technology more responsibly.

Executives may view periodic updates as “real-time,” while practitioners often rely on manual processes and spreadsheet-based reporting, which are often far from real-time. Some 92% of executives say they have real-time insights into their compliance posture, compared to just 69% of management professionals, highlighting the disconnect between the perceived timeliness of data and the operational reality.

Of the professionals surveyed, 90% report that conformance with DORA, the NIS2 Directive, and/or the EU AI Act will impact their workload. Infosec professionals feel the weight of compliance efforts most, with 38% expecting to be impacted to a great extent, compared to 29% of risk management professionals and 28% of IT professionals. Increased workloads could lead to a greater risk of noncompliance as teams struggle to keep up with daily tasks.

A long road to compliance

Compliance with NIS2 is reported to be a high priority amongst organizations surveyed (61%). However, only 52% of organisations report being compliant, while another 44% plan to meet requirements by the end of next year.

Many organizations have significant work ahead of them on their journey to compliance. Even those claiming to already be in compliance with the EU AI Act are missing essential elements of compliance that could leave them vulnerable. Of those claiming compliance, only 63% report having transparency measures in place, 55% say they have implemented risk management frameworks, and just over half (51%) execute comprehensive risk assessments.

Third-party AI use is a concern for 83% of professionals in regard to compliance with the EU AI Act. However, even more of those surveyed (91%) feel that the EU AI Act will positively impact their organisation’s use and development of AI applications.

“At a time when there are more cyber threats than ever before, ensuring compliance with new regulations remains a top priority for our business,” said Karen Albert, VP of Internal Audit at Constellium.

“We found that by leveraging purpose-built technology, professionals in all levels and functions can make more effective decisions and more efficiently execute efforts required to maintain compliance,” said Jason Sechrist, Director of Product Solutions, EMEA at AuditBoard.