Page 114 - Cyber Defense eMagazine RSAC Special Edition 2025
P. 114
How do evolving regulatory frameworks influence how companies approach cyber resilience and
business continuity?
Regulatory frameworks set a baseline and targets for where we need to go on the cybersecurity journey.
Objective, third-party safety organizations add to that by bringing forward standards, guidance and
compliance support with a critical mission: help protect life, property and the environment.
These safety and risk frameworks help us champion the security and sustainability of vital infrastructures
worldwide, but evolving regulations can be difficult to navigate depending on where you are on the
journey. Generally, our clients need help in prioritizing which cybersecurity activities required by
regulation are going to contribute to their existing safety and security goals and what level of effort will
be required to implement those activities.
What’s your perspective on the role of government and private sector collaboration in improving
cyber resilience?
Cross-collaboration is essential to build a resilient ecosystem for cybersecurity. Conversations need to
happen between the sectors so that government and industry are in lock step with staying vigilant,
improving systems and processes and applying best practices. Technology innovations and knowledge
expertise from the private sector can support government agencies in improving their frontline defense.
In many cases, industry should be leading the charge on collaboration because they have a higher
concentration of expertise specific to each regulated industry.
How do technologies like AI and automation impact cyber resilience strategies?
We are in a rapidly evolving digital era where AI has the potential to transform everything in cybersecurity
and management consulting, from regulation to operating procedures. This poses both challenges and
opportunities to respond and reshape a new safety protection frontier.
AI’s ability to generate real-time insights, risk assessments and behavior monitoring will improve hazard
detection through visualization. For threat actors, the introduction of AI means that they can generate
malware quicker and rapidly develop an understanding of previously isolated, cottage operations. The
speed at which the industry needs to adopt automation implementations needs to at least match and
preferably exceed the speed at which threat actors are iterating novel approaches. Technologies that
provide predictive, actionable insights enable us to see beyond current limitations so we can find new
ways and a new operating model that will fundamentally alter the nature of safety. What this means from
a safety and risk perspective is that safety going forward will not be defined as just the absence of
accidents. It will be a new way of thinking about performance as a predictive metric for reliability,
leveraging datasets that were previously disparate and unrelated.
What trends do you predict will shape the future of cyber risk management and business
continuity planning?
Industry stakeholders responsible for operating facilities and processes in critical infrastructure
environments—such as energy and transportation—are increasingly grappling with the challenges
of technology debt. Technology debt refers to the accumulation of systems, software and hardware that
hinder operational efficiency, security and scalability. This issue is particularly acute in critical
114
