The NIS2 Directive

The European Union’s NIS2 directive (to be implemented by October 2024) extends cybersecurity obligations beyond critical infrastructure to include a broader range of industries. Organisations must now establish comprehensive incident reporting, risk assessments, and resilience measures, or face severe financial penalties for non-compliance.

US SEC Cybersecurity Disclosure Rules

The US Securities and Exchange Commission (SEC) now requires publicly traded companies to disclose material cybersecurity incidents within four business days. Additionally, companies must provide an annual report on their cybersecurity risk management strategy, ensuring that cybersecurity is treated as a core business function rather than a technical afterthought.

International Counter-Ransomware Initiative

Over 40 nations, including the US, UK, and Australia, have joined forces to combat ransomware through the International Counter-Ransomware Initiative (CRI). This policy bans government agencies from paying ransom demands, establishes a shared blacklist of known cybercriminal wallets, and strengthens legal frameworks to prosecute cyber extortionists more aggressively.