Lorenzo Marchetti, Public Affairs Manager at Everbridge, discusses the future of resilience in security. 

Businesses are frequently impacted – often to their displeasure – when new laws and regulations are enacted.

Undoubtedly, the landscape of security and regulatory compliance is becoming increasingly complex nowadays, with an unprecedented and growing array of threats that organisations are compelled to navigate.   

This necessity is underscored by recent directives, such as the Critical Enterprise Resilience Directive (CER), Digital Operational Resilience Act (DORA), NIS2 directive in the European Union (EU) and Martyn’s Law Operational Resilience Policy of the Bank of England in the United Kingdom, which all set the stage, from different perspectives, for a comprehensive framework aimed at ensuring organisational robustness.  

The current security landscape  

The current security landscape is marked by a series of high-profile physical, cyber and hybrid attacks that have exposed vulnerabilities and ignited calls for stringent regulatory measures.

A prominent example is the 2022 Nord Stream pipeline incident, which saw significant damage to crucial energy infrastructure in Europe, disrupting supply chains across the continent and furthering geopolitical tensions.  

Cyber-attacks in the electricity sector are increasing, according to a report by the International Energy Agency.

As utilities adopt digital technologies to enhance operations and energy security, they become more vulnerable to cyber threats.

Significant incidents often go unreported, yet attacks have been rising rapidly since 2018, with a spike in 2022. These attacks have impacted remote controls and IT systems and led to data breaches.  

Furthermore, the ENISA Threat Landscape 2023 report highlights ransomware and DDoS attacks as predominant threats, with public administration being the most targeted sector, enduring nearly 19% of attacks.

LockBit ransomware accounts for almost half of all ransomware incidents, while phishing leads to a 10% rise in business email compromise complaints, resulting in losses of over $2.7 billion.    

DDoS attacks are widespread, affecting 13% of Cloudflare customers in 2022 and DNS request flooding increased by 93.4%.

TCP-based attacks make up 63% of attack traffic.

Alarmingly, 82% of data breaches involve human factors, stressing the need for enhanced security awareness.

According to the IBM 2024 report, the average cost of a data breach has soared to an unprecedented $4.88 million.   

New framework for resilience  

Given the landscape, these regulations are not merely bureaucratic requirements; they represent a strategic shift towards a more resilient corporate infrastructure.

The Critical Enterprise Resilience Directive emphasises the importance of maintaining operations under duress, while DORA and NIS2 enhance cybersecurity measures across industries that are considered vital for the society, such as energy and financial services.

Meanwhile, Martyn’s Law aims to strengthen security protocols in public venues, recognising the evolving nature of threats in crowded spaces.  

Their collective goal is clear: to establish a robust framework that ensures continuity and safety.

This framework mandates that companies not only comply with these regulations but also integrate them into their operational DNA, thereby improving their ability to withstand disruptions.  

Technology as a cornerstone of Operationalisation of Compliance  

In this context, integrating advanced technological solutions becomes crucial.

Platforms like Everbridge offer comprehensive capabilities that operationalise compliance with these directives.

By integrating with other systems, ingesting Standard Operating Procedures (SOPs) and internal policies, Everbridge helps operationalise compliance efforts, allowing organisations to prepare, respond and report swiftly and effectively to crises.  

How Everbridge plan to balance business continuity and employee wellbeing  

An effective security strategy that satisfies the current, and future, compliance requirements must address the dual objectives of safeguarding business operations and ensuring employee wellbeing. Holistic strategies that leverage technology can seamlessly support these goals.

By implementing systems that provide real-time alerts and coordinated response strategies, businesses can protect their workforce while maintaining operational integrity.   

A recent Forrester report highlighted that the deployment of Everbridge Suite increased security team productivity, gaining $1.5 million over three years. 

Prior to implementing Everbridge, the composite organisation implemented a manual and time-consuming process to identify and assess events.

By leveraging CEM, the composite organisation obtains 24/7 support and security team members gain efficiencies in managing various data sources and communicating to appropriate teams about the impact of critical events.   

Furthermore, by using technology such as Everbridge, companies will foster an environment where employees feel secure, enhancing their morale and contributing to overall productivity.

As regulations evolve, they will centre more on these aspects, so companies must prioritise both the physical and psychological safety of their teams as central pillars of their resilience strategies.  

Adapting to a changing landscape for the future of resilience  

As the regulatory environment continues to evolve, organisations must remain agile, ready to adapt to both new requirements and new threats; in a phrase, to become more resilient.

This adaptability is crucial not only for compliance but also for maintaining a competitive edge.

By investing in technologies that enhance resilience by operationalising compliance, companies can position themselves as leaders in their industries, demonstrating a commitment to innovation.  

The modern business landscape requires a proactive approach to security and regulatory compliance.

By embracing these directives and integrating robust technological solutions, organisations can build a more resilient future, ensuring both continuity and wellbeing of their employees.

This forward-thinking approach not only meets regulatory demands, but also creates a safer, more stable and resilient environment for all stakeholders.  

This article was originally published in the November Edition of Security Journal UK. To read your FREE digital edition, click here.