News of AI-driven attacks, ransomware-as-a-service and supply chain vulnerabilities tends to blur together. Clarity about what can be done and how to do it is much needed in this discussion. Which industries are most at risk? (Spoiler alert: all of them.) Should business or technology take the lead in developing strategies for success? And as regulators tighten requirements, and new regulations over critical infrastructure continue to emerge, how do organizations integrate cyber risk into business planning?

Here, Kyndryl experts reveal five important strategies for navigating the choppy waters and changing currents of global cybersecurity regulations.

 

Lingraju Sawkar | President of Kyndryl India



1. Understand the evolving regulatory rules 

“Cyber regulations worldwide are becoming more stringent, requiring businesses to meet compliance requirements and build long-term cyber resilience,” said Lingraju Sawkar, President of Kyndryl India. “We help organizations navigate the evolving cyber regulatory landscape by offering comprehensive risk and compliance services that assess security postures, benchmark against industry standards and provide actionable insights to mitigate vulnerabilities. For example, our Zero Trust architecture further strengthens security by enforcing least-privilege access, continuous authentication and automated threat detection. And our AI-powered global Security Operations Centers (SOCs) provide real-time threat intelligence, proactive mitigation and automated compliance reporting — so that organizations can swiftly respond to evolving regulatory requirements.”

Petra Goude | President, Kyndryl Strategic Markets



2. Treat cybersecurity as a strategic imperative

“Cybersecurity is no longer just a compliance issue but a strategic imperative,” said Petra Goude, President of Kyndryl Strategic Markets. “As regulations evolve across markets, businesses must move beyond reactive compliance and adopt a unified, risk-based approach to data governance. To do that, global organizations will need agile frameworks that can adapt to shifting regulatory landscapes without disrupting operations.

“For companies operating in a global marketplace, there are a lot of emerging regulations to absorb and track. Brazil, Singapore, Australia, Peru, Colombia and several countries across the European Union are just a few of the nations that have introduced new legislation, and we anticipate the list will continue to grow.”

David Soto | President of Kyndryl Spain and Portugal



3. Manage time proactively

“The compliance clock is ticking for the DORA regulation and NIS2 Directive in the EU. Meanwhile, transitioning an organization to cyber resilience is a huge endeavor, especially with the continuing rise in cyberattacks,” said David Soto, President of Kyndryl Spain and Portugal. “Organizations need to change their mindsets from ‘reaction’ to ‘recovery’ to align with regulations and maintain business continuity in the face of inevitable cyberattacks. To do this, companies must develop strategies to protect data and perform end-to-end recoveries. The best approach will be to start with a solid strategy before discussing the specific architectures and technologies that can help you accomplish your goals and meet your timelines.”

Kris Lovejoy | Global Security & Resiliency Practice Leader



4. Integrate modern approaches to continuous control management and monitoring

“Traditional control monitoring falls short in today’s complex hybrid IT environments, where leaders have more risks to manage than ever before,” said Kris Lovejoy, Global Security and Resiliency Practice Leader at Kyndryl. “Organizations can integrate security and compliance into a unified approach by implementing Continuous Control Monitoring — the ongoing, automated oversight of IT systems and business processes to help drive adherence to internal risk policies and regulatory requirements. This type of integration provides real-time visibility across the technology landscape. It involves transforming team collaboration and working practices to identify and address day-to-day risks before they become operational efficiency issues. Given that only 29% of leaders feel ready to manage external risks, this approach can help strengthen their resilience and turn compliance into a strategic advantage.”

Jonathan Ingram | President of Kyndryl Japan



5. Invest in regulatory compliance and innovation

“In Japan, regulatory compliance requires significant investment to introduce zero trust and to update infrastructure and applications to the latest versions of operating systems, middleware and databases. Updated tooling helps support business outcomes by providing new ways of working with developers, which in turn helps enable greater and faster innovation,” said Jonathan Ingram, President of Kyndryl Japan. “The infrastructure modernization and introduction of new tooling will improve cyber resilience and enable innovation.”  

 

How Continuous Control Monitoring can help
 

Continuous Control Monitoring allows enterprises to integrate their security and compliance efforts. This integration enables proactive risk management, boosts cyber resilience and facilitates a comprehensive transformation of their technology, processes and work practices.