Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Report Questions Effectiveness of Fed’s Attempts at Wrangling Incident Disclosure

May 2024 by Swimlane

According to a newly released report from Swimlane, only 40% of organizations feel fully prepared to meet the compliance demands of rising cybersecurity regulations. In the report “Regulation vs. Reality: Are the Fed’s Attempts at Wrangling Incident Disclosure Effective?”, organizations still feel unprepared for new regulations despite 93% of organizations rethinking their strategies and 92% increasing budgets.

In light of landmark developments like the SEC’s incident rules on cybersecurity incident disclosure and the EU’s Cyber Resilience Act (CRA), Swimlane sought to investigate how the shifting cybersecurity regulatory environment influences security budgets and compliance strategies. Swimlane surveyed 500 cybersecurity decision-makers at enterprise companies with at least 1,000 employees in the United States and the United Kingdom.

“Geopolitical turmoil and complex regulations have made cybersecurity a strategic imperative," said Michael Lyborg, CISO at Swimlane. "While regulations are driving strategy shifts and increased budgets, the talent shortage and fragmented infrastructure remain obstacles to compliance and resilience. To succeed, organizations must find the right balance between human expertise for complex situations and AI-enhanced automation tools for routine tasks. This will alleviate operational strain and ensure security professionals can focus on the parts of the job where human judgment is irreplaceable."

Key Takeaways
• Regulations Fuel Strategy Shifts: An overwhelming majority of organizations (93%) report rethinking their cybersecurity strategy in the past year due to the rise of new regulations, with 58% stating they have completely reconsidered their approach. The strategy shifts are also impacting the roles of cybersecurity decision-makers, with 45% citing significant new responsibilities.
• Spending Rebounds: 92% of organizations reported an increase in their allocated budgets. Among these organizations, a significant portion (36%) witnessed budget increases of 20% to 49%, and a notable 23% saw increases exceeding 50%.
• Compliance Uncertainty Persists: Many organizations still express doubts about their compliance readiness, with only 40% feeling confident their organization has made the necessary investments in resources, tools, and personnel to comply with relevant cybersecurity regulations fully. A concerning 19% said their organization has done very little.
• Incident Reporting Could Slow: A considerable portion of companies (56%) stated they could report security incidents to investors, boards, and regulators within just 1-2 business days. However, 45% of respondents report increased reporting time over the past year.
• Preparing for the Cyber Resilience Act: When asked about their confidence in their organization’s current ability to meet the CRA’s key requirements, only about one-third of respondents expressed full confidence.
• Consensus on AI Regulation: A substantial majority (83%) of respondents believe there should be regulations on the development and use of AI. When asked about the biggest challenges they currently face in adopting or expanding the use of AI within the organization, most respondents (58%) cited balancing the need for data collection and analysis with maintaining adherence to data privacy regulations and user trust.

“Spending over a decade working at government agencies including the Dept of Defense and Dept of Homeland Security I was able to see firsthand the vital importance of robust cybersecurity for national security infrastructure,” said Cody Cornell, co-founder and chief strategy officer of Swimlane. “This urgency is reflected in the recent surge of regulations. However, our research shows a clear disconnect between the strategic changes organizations are making and their confidence in achieving full compliance. This highlights the need for a comprehensive approach that addresses not just technology investments but also talent, training, and streamlined workflows to navigate the dynamic regulatory environment.”

See previous articles


See next articles

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55

All new podcasts