Day 2

We need better regulatory tools for cyber resilience

Session complexity:
A sprawl of EU legislation (the CSA, NIS2, the CRA, DORA, the NWWR and more to come) is being rolled out with the ambition to improve and enforce cyber security. However, the GDPR taught us that in the absence of clear norms and standards, companies tend to focus on avoiding fines rather than improving privacy for data subjects. Given the continuous increase of cyber threats and society’s increasing dependency on digital products and services, it is clear that with these new laws ahead, this time cyber security must come first. Legal compliance must be a result of doing the right things and doing things right. In addition, authorities that supervise these new laws must have instruments to quickly determine whether companies not only have their legal paperwork in order, but also have their cyber security up to par.

This is why the swift adoption of assurance and assurance standards will become an essential, if not the crucial, instrument for organizations to realize cyber resilience, and for authorities to determine conformity with ease. In this session, the Online Trust Coalition outlines the compelling need for the creation, adoption and harmonization of such assurance standards for a wide range of cyber resilience legislation.

Speakers in this session