It’s estimated that the global cost of cybercrime from 2024 to 2028 will rise by nearly 50%—from $9.22 trillion to $13.82 trillion.
This is a worrying trend for all kinds of businesses, considering that larger cybersecurity budgets will be needed to curb this crime. With 31% of chief information security officers (CISOs) reporting a lack of funding, many businesses may be exposed to cyberattacks.
The increase in cybercrime is also forcing policymakers to enact or improve current cybersecurity regulations and laws.
In this article, I explore emerging trends in cybersecurity regulations and laws that businesses need to be aware of. You’ll discover which regulations governments are likely to enact or strengthen.
The big question is: Will your organization be ready to comply with these upcoming changes? Read on to learn what laws and regulations are likely to impact your organization.
Cybersecurity Regulations of Emerging Technologies
Emerging technologies such as artificial intelligence (AI), cloud computing, and the Internet of Things (IoT) usher numerous benefits. For instance, AI can be used to automate previously human-executed tasks, such as handling live chats on e-commerce websites.
Introducing these technologies presents unique cybersecurity risks and ethical concerns in the case of AI. For example, these technologies may be vulnerable to risks such as data breaches that can negatively impact businesses, governments, and individuals.
Policymakers will enact legislation to regulate emerging technologies to help mitigate these new cybersecurity risks. In Europe, this has already started with the introduction of the proposed Artificial Intelligence Act (AIA).
The U.S. National Institute of Standards and Technology (NIST) is consulting with businesses and the public to facilitate the creation of safe, secure, and trustworthy AI systems. This mammoth and necessary emanated from the October 30, 2023, President Biden’s Executive Order on the safe, secure, and trustworthy development and use of artificial intelligence.
Similar initiatives can be expected in many parts of the world where these technologies operate. Moreover, policymakers will continue to adapt the cybersecurity regulations to stay current with the dynamic nature of these technologies.
Cybersecurity Regulations to Enhance Supply Chain Security
The increased interconnectedness of businesses globally complicates supply chains. As such, there are more networks involved, increasing the potential for cyberattacks. A single attack on a supplier’s network could compromise the security of numerous organizations.
Governments are and will continue to enact laws and regulations to help fortify supply chain security, especially in vital sectors like healthcare, defense, and finance. The regulations will focus on key areas like third-party risk assessments, secure software development practices, and vulnerability disclosure programs.
The EU’s Cybersecurity Act of 2019 has set the tone by requiring cybersecurity certification for products and services. In the US, the Executive Order on Improving the Nation’s Cybersecurity of May 12, 2021, requires enhanced information sharing between the government and private businesses.
With the global supply chain being connected, many other countries and their private sector counterparts will work together to establish regulations that strengthen the security of supply chains.
Cybersecurity Regulations of Critical Infrastructure Security
Services such as power generation, healthcare, and financial systems are essential for life. For proper operation and control of these services, critical infrastructure such as computers and networks are required.
With increased digital transformation, this infrastructure can be exposed to cyberthreats. A successful cyberattack can have negative implications for areas such as national security, businesses, and public safety.
Because critical infrastructure may be interconnected, a successful cyberattack on one industry may cascade to others.
Governments across the globe recognize the potential damage cyberattacks can have on critical infrastructure. That’s why the EU has the Directive on Security of Network and Information Systems (NIS2) to encourage swift incident reporting and establish robust risk management, amongst others.
Many governments are enacting regulations to enhance the security of critical infrastructure. For instance, the US recently enacted the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) to encourage swift reporting of cyber incidents.
Cybersecurity Regulations to Strengthen Data Protection
Globally, an average of about 9 billion records per month are breached from 2,370 publicly disclosed incidents. The average monthly number of breached records in 2024 exceeds the total in 2023.
With increasing data breaches, cybercriminals may access more people’s sensitive personal information. More people are now becoming aware of their data privacy rights. This puts pressure on governments to ensure that people’s personal information is secure.
Businesses by themselves want to minimize the cost of their operations, and many might not willingly implement better security measures. This is why governments continue to enact stronger regulations to protect their citizens’ sensitive personal information.
Numerous countries and regions have already created laws that regulate people’s data privacy. The popular ones are the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
Thailand has introduced and adopted the Personal Data Protection Act in 2019. More countries are expected to establish laws and regulations aimed at protecting every individual’s data privacy amid the increase in data breaches. More countries are expected to enact their data privacy laws going forward.
Conclusion
Is your organization ready to adapt to comply with the coming cybersecurity regulations? If not, it’s time to prepare your business.
Our aim is to help businesses like yours to comply with all kinds of cybersecurity laws and regulations. Contact us today for a no-obligation, free consultation.