Cybersecurity regulations
Strengthen cyber defences through strategic compliance
Governments and regulators are responding with new cyber resilience regulations, ensuring enterprises and their leaders are accountable and prioritize investment in a broad range of cyber resiliency measures. Many organizations now fall within the scope of new regulations, and now is the time to act to ensure they can recover from disruptions and stay compliant wherever they operate.
Kyndryl's integrated approach to cybersecurity and resiliency, combined with our decades of experience modernizing and managing the world's mission-critical systems, can help you meet and exceed compliance requirements and protect your mission-critical systems.
Kris Lovejoy, Kyndryl Global Security and Resiliency Leader, shares her perspective on how organizations can prepare for new cyber regulations.
In response to increasing cyber threats, some governments are adopting new regulatory frameworks to bolster enterprise security. These regulations establish a standardized framework for cybersecurity and data protection. By requiring enterprises to adopt robust security and resiliency measures and to manage cyber risks effectively, cybersecurity regulations help mitigate the potential for significant financial losses and disruptions.
While much of that may sound like common sense, it should not obscure the immense challenges ahead of global enterprises as they seek to comply with new regulations, especially when those regulations exist across the globe in a non-congruent patchwork.
As governments and regulators begin debating, adopting, and enforcing new cyber resilience regulations, enterprises are increasingly being compelled to prioritize cyber security and resiliency spending. That’s making the issue a top area of attention among enterprise technology leaders and the boardrooms to which they report.
Enterprises that proactively work to get ahead of new regulations will improve their overall security posture, reducing the likelihood of falling prey to data breaches and cyber-attacks. This will serve to boost trust and their reputations among stakeholders, fostering stronger relationships with customers and partners. Moreover, staying ahead of compliance requirements also provides a competitive advantage and demonstrates a commitment to cyber security and data protection.
Americas
2024 Canada: OSFI to publish final E-21 Guidelines - Operational Resilience and Operational Risk Management
2024 Brazil: Introduction of the Cybersecurity Regulation and Cybersecurity Authority Bill
2025 Canada: Regulators will enforce C-26 - Critical Cyber Systems Protection Act
Asia
2024 Singapore: An expectation of the final text of amendments to the Cybersecurity Act.
2024 India: Expectation that the Digital India Act will move forward (including cyber requirements); also in Australia, there is an expectation that the regulators will move to strengthen existing regulations with a focus on critical infrastructure.
2025 Japan: The Digital Agency is expected to propose draft cyber regulation, especially on incident reporting.
Europe
2024 EU: There is an expectation that the following will be finalized: The regulatory technical standards for DORA; the risk management technical details for NIS2; the Cyber Resilience Act for connected products; an amendment to the Cybersecurity Act for Managed Security Services Certification; and the Cyber Solidarity Act to create an EU-wide cyber response framework.
2024 EU: Member states enforce NIS2
2025 EU: ESAs enforce DORA; and in the UK, the Bank of England, FCA and PRA enforce Critical Third Parties for FS Sector and enforce Operational Resilience and Testing requirements.
2025 UK: The expectation of new legislation to update NIS Regulations to include MSPs.