How New Cybersecurity Regulations Drive Strategy and Budget Increases

Regulatory Changes Fuel Strategy Shifts and Budget Increases in Cybersecurity

As the chief information security officer (CISO) of Swimlane, I’ve closely monitored the intensifying regulatory changes over the past year. Key developments like the SEC’s cybersecurity incident disclosure rules and the EU’s Cyber Resilience Act (CRA) have been significant drivers to begin safeguarding sensitive data and critical systems within an organization. These regulations aim to address the escalating risks of cyber threats and our increasing reliance on digital products. Furthermore, the race to harness AI is prompting calls for responsible use and heightened regulatory oversight. These new cybersecurity regulations are compelling organizations, to reevaluate and reshape their strategies.

To gain a deeper understanding of the impact of these changes, we partnered with Sapio Research to survey 500 cybersecurity decision-makers from large enterprises in the US and UK. This provided valuable insights into how these organizations are adapting. You can explore our key findings from the report in our blog: AI, Cybersecurity and Compliance: A Data-Driven Perspective and download the full report for a comprehensive analysis: 2024 Regulation vs. Reality: Are the Fed’s Attempts at Wrangling Incident Disclosure Effective?

The Impact on Cybersecurity Decision-Makers

I’ve seen firsthand how regulatory changes are reshaping our industry. According to our recent survey, an overwhelming 93% of organizations have reevaluated their cybersecurity approach in the past year due to new regulatory pressures. Notably, 58% have completely overhauled their strategies. This underscores the dynamic regulatory landscape and the critical importance of robust cybersecurity measures. 

The survey reveals that 45% of cybersecurity decision-makers have taken on significant new responsibilities due to these strategic shifts. This added burden highlights the growing complexity of cybersecurity management, where we must balance compliance with proactive threat mitigation and response. 

As we navigate these changes it’s important for us, as cybersecurity leaders, to understand the evolving roles and responsibilities we face. As regulations, fast-paced trends, and new technologies like AI evolve, we have inevitably shifted from traditional security leader roles to strategic business enablers. We’re now responsible for not only security, but also driving business growth and innovation.

To succeed today, we must develop new skills while maintaining the strong fundamentals. 

• Communicate effectively with the board by tailoring your message to the members’ backgrounds and provide demonstrations that link technical risks to business impacts. 
• Engage with peers and other security executives from different industries to gain valuable insights and support. 
• Adopt a risk-based approach, focusing on being proactive and resilient since breaches and technology are becoming more sophisticated, and balance risk with cost. 
• Invest in your existing security operations (SecOps) team by providing the right training and resources. Success is about enabling your team with the best training and technology, not increasing headcount. 
• Conduct regular tabletop exercises and war games to help raise awareness and foster a culture of proactive risk management within the organization.
• Embrace automation to help manage the overwhelming amount of data and free up the team to focus on security tasks.

Check out my latest blog, “The ‘Materiality’ Mystery: A CISO’s Guide to SEC Compliance,” for more valuable insights and practical tips for security leaders.

Cybersecurity Budgetary Implications

One of the most significant outcomes of these regulatory changes is the notable increase in cybersecurity budgets. A staggering 92% of organizations have reported higher budget allocations for cybersecurity, highlighting the critical prioritization of regulatory compliance and threat management.

Specifically, 36% of these organizations experienced budget increases ranging from 20% to 49%, while 23% saw their budgets skyrocket by over 50%. Substantial budget increases are a clear indicator that organizations recognize the need for enhanced cybersecurity and they are willing to invest to meet regulatory requirements and protect their digital assets.

“The SEC pushes cybersecurity as mission critical to companies. By putting in a framework of standards and responsibility, this puts a lot of emphasis on what the cybersecurity community sees as ‘table stakes’ or ‘protecting endpoints’. A company needs to be a well-oiled machine. This is why we’ve seen such a big increase in spending. Everyone agrees on the importance of cybersecurity, but it’s about figuring out what the plan and budget is to address it.”

– Charles Constanti, Chief Financial Officer of Swimlane

In addition to regulatory changes, other factors contribute to the increase in cybersecurity spending.

• 56% to counter growing cyber threats
• 54% to invest in employee security awareness training

I’d like to highlight the above one more time… 54% of organizations plan to invest in employee security awareness training. This investment highlights the importance of educating and empowering your existing workforce. In my experience, this approach is crucial. With the proper tools and ongoing training, you can empower your organization and enhance your security posture significantly.

Additionally, 51% of organizations are increasing budgets to support expanding digital footprints, such as cloud adoption. This approach is essential for maintaining robust security in an increasingly complex digital world. We must remain adaptable, and continuously update our strategies to meet regulatory demands and emerging threats.

To successfully navigate these challenges, allocating a budget towards security automation is not just beneficial—it’s essential. This proactive step enables organizations to implement advanced technologies, conduct thorough risk assessments, and bolster their defenses against increasingly sophisticated cyber threats. 

AI-Enhanced Security Automation

It’s important to foster a culture of vigilance and adaptability across your organization. AI-enhanced automation allows security professionals to focus on complex judgment-driven issues, ensuring efficiency and compliance while enhancing resilience against cyber threats. It streamlines SecOps, improves response times, and optimizes resources, empowering your team to be more effective, regardless of size.

At Swimlane, we tackle these challenges by drinking our own champagne. We leverage AI-enhanced security automation in our security operations center (SOC) to enhance incident response and mitigate risks efficiently. Our platform helps you mitigate risks, adapt to regulatory changes, and defend against cyber threats in real-time.