Security experts call for tighter government oversight in the field of cybersecurity
The Chartered Institute of Information Security (CIISec) has released the findings of its latest survey, titled State of the Security Profession, which gathered insights from CIISec members and the wider security community.
According to the survey, more than two-thirds (69%) of industry professionals argue that current cybersecurity laws are not strict enough. This sentiment is echoed by Amanda Finch, CEO of CIISec, who suggests a more collaborative approach to security, ensuring the board is aware of the risks and included in major decisions.
Finch shared some early findings in a blog post last week, revealing that the report focuses heavily on regulation this year. New laws like NIS2 and DORA make senior leadership personally liable for serious infractions for the first time.
The EU AI Act, DORA, NIS2, the UK Data (Use and Access) Act, and the UK Cyber Security and Resilience Bill are some of the recent security-related regulations. The Cyber Security and Resilience Bill is expected to apply to 1000 UK firms, and as part of the Bill, the UK government is pushing to ban ransomware payments for certain public sector and critical infrastructure organizations.
The survey also reveals that 91% of respondents believe that the board should be held responsible for breaches, while less than a third (31%) point to CISOs. Interestingly, only 34% of respondents argue that specific employees who breach policy should be held responsible for their actions, with over half (56%) saying senior management should face sanctions, prosecutions, or fines for serious cyber incidents.
The UK government also plans to roll out a mandatory incident reporting regime, with penalties for organizations that refuse to comply.
Amanda Finch emphasizes the need for more learning for cybersecurity professionals, improved understanding of regulations, and developing better communication of risk to stakeholders outside of the security function. She believes that these measures are necessary to ensure a more secure digital future.
The Cyber Security and Resilience Bill is still making its way through parliament. The survey's findings suggest that the profession is eagerly anticipating the impact these new regulations will have on their work and the industry as a whole, with DORA, NIS2, and the Cyber Security and Resilience Bill being cited by respondents as having the "most significant impact on the profession".