businesses, with total losses over the past five years reaching £ 44bn. The threats of operational disruption, reputational damage and financial loss are a constant risk for many organisations.

The stakes are set to rise even higher with the introduction of new legislation. Non-compliance could result in fines of up to £ 100,000 per day or 10 % of global annual turnover, whichever is higher.

Adding to the complexity, third party involvement in data breaches has doubled over the last year and is now seen in 30 % of all cyberattacks. As a result, beyond public services and utilities, over 1,000 IT service providers and suppliers will soon fall under regulatory scope, requiring companies to assess and ensure the cyber hygiene of their entire supply chain.

Upskilling across technical and non-technical roles will be critical to prepare – below I outline why it’ s important, and what steps organisations should be taking now to get ready.

Expanded reporting requirements will also raise the bar. Businesses will need to report a broader range of cyber incidents – including ransomware attacks, network breaches and service disruptions – with strict timelines of 24 hours for initial notification and

www. intelligentcio. com INTELLIGENTCIO EUROPE 47