Talking to the Experts: Exploring Europe’s Latest Cybersecurity Regulations

With the surge in digital criminal activity and rising geopolitical tensions, robust cyber and ransomware protection has become critical. As a result, there is an increased emphasis on cybersecurity solutions, especially from regulatory bodies worldwide. For organizations in the European Union (EU), this includes the Digital Operational Resilience Act (DORA), a newly-legislated regulation designed to enhance IT security and operational resilience. Alongside DORA, The Network and Information Security Directive (NIS2) aims to bolster overall cybersecurity across the EU.  

Jeremy van Doorn, Senior Director of Technical Solutions at Palo Alto Networks, says that when it comes to preparing for the challenges ahead, companies must understand the necessary resources. This includes investing in advanced cybersecurity solutions, conducting regular risk assessments, IT budgeting, and ensuring continuous monitoring of IT systems.

DLL: Jeremy, as European companies navigate the complexities of DORA and NIS2, what key steps should they take to ensure they are well-prepared to enhance their cybersecurity efforts?  

“DORA (Digital Operational Resilience Act) is more specific, focusing on the financial services sector. It mandates that anyone connected to financial services must ensure their services are resilient. This means that if something goes wrong, they can continue delivering their services, which are critical to the environment and the population.  

The NIS2 Directive is similar but broader, covering any critical infrastructure companies essential to society. These companies must adhere to certain standards to ensure information security, preventing unauthorized access to information. The goal is to set a high bar for defending our infrastructure, whether digital or otherwise, against potential threats. These threats could include bad actors trying to infiltrate systems or incidents like the recent massive explosion in The Hague. Companies need to have a resiliency plan in place to handle such situations.”  

DLL: What is the impact for companies for being compliant with these new regulations?  

“We see that these regulations have a significant impact on customers. While they might seem like just another set of rules, they require you to be aware of what your third-party suppliers are doing and how your entire supply chain complies with these regulations. We strongly advise customers to take this seriously and hire experts. Start with a gap analysis to understand where you need to be. Read the regulations thoroughly and consult experts for interpretation, as some rules can be open to interpretation.  

Begin with the gap analysis and ensure you have a project sponsored by the board of directors or the CEO. This will help secure enough budget and allocate sufficient resources. Regular inspections should be conducted to monitor progress. Make sure to get professional help from people who can drive these programs for you.” 

DLL: And how can Palo Alto Networks play a role in this?  

“Regulations are, of course, focused on cybersecurity. As the number one cybersecurity player in the world, we offer a range of solutions to help customers navigate the cybersecurity aspects of these regulations. We provide traditional firewalls and also Secure Access Service Edge (SASE), which brings security closer to the edge.  

We also offer advice on navigating internal regulations. Our mantra is to be the cybersecurity partner of choice, which means we don't just sell solutions; we provide guidance to help customers achieve compliance with NIS2 or DORA. We assist them in understanding and implementing the necessary measures to meet these new regulations.” 

Breaking the budget “firewall” 

For many businesses, budget is a barrier when it comes to getting the cybersecurity equipment and technology. That’s where we can help! Our technology financing experts create payment plans so businesses can acquire equipment they need without the “glitches.” Contact us by emailing financingcybersecurity@dllgroup.com to learn more!

In making its decision to enter into a financial product, the customer shall rely upon its own accounting, tax, legal and other professional advisors. Without limiting the foregoing, the Finance partner shall make no representations or warranties regarding the accounting or tax treatment of the financial product.