Skip to main content

Report Questions Effectiveness of Fed’s Attempts at Wrangling Incident Disclosure

Study reveals 93% of organizations are overhauling cybersecurity strategies amid regulatory surge

According to a newly released report from Swimlane, only 40% of organizations feel fully prepared to meet the compliance demands of rising cybersecurity regulations. In the report “Regulation vs. Reality: Are the Fed's Attempts at Wrangling Incident Disclosure Effective?”, organizations still feel unprepared for new regulations despite 93% of organizations rethinking their strategies and 92% increasing budgets.

In light of landmark developments like the SEC's incident rules on cybersecurity incident disclosure and the EU’s Cyber Resilience Act (CRA), Swimlane sought to investigate how the shifting cybersecurity regulatory environment influences security budgets and compliance strategies. Swimlane surveyed 500 cybersecurity decision-makers at enterprise companies with at least 1,000 employees in the United States and the United Kingdom.

"Geopolitical turmoil and complex regulations have made cybersecurity a strategic imperative," said Michael Lyborg, CISO at Swimlane. "While regulations are driving strategy shifts and increased budgets, the talent shortage and fragmented infrastructure remain obstacles to compliance and resilience. To succeed, organizations must find the right balance between human expertise for complex situations and AI-enhanced automation tools for routine tasks. This will alleviate operational strain and ensure security professionals can focus on the parts of the job where human judgment is irreplaceable."

Key Takeaways

  • Regulations Fuel Strategy Shifts: An overwhelming majority of organizations (93%) report rethinking their cybersecurity strategy in the past year due to the rise of new regulations, with 58% stating they have completely reconsidered their approach. The strategy shifts are also impacting the roles of cybersecurity decision-makers, with 45% citing significant new responsibilities.
  • Spending Rebounds: 92% of organizations reported an increase in their allocated budgets. Among these organizations, a significant portion (36%) witnessed budget increases of 20% to 49%, and a notable 23% saw increases exceeding 50%.
  • Compliance Uncertainty Persists: Many organizations still express doubts about their compliance readiness, with only 40% feeling confident their organization has made the necessary investments in resources, tools, and personnel to comply with relevant cybersecurity regulations fully. A concerning 19% said their organization has done very little.
  • Incident Reporting Could Slow: A considerable portion of companies (56%) stated they could report security incidents to investors, boards, and regulators within just 1-2 business days. However, 45% of respondents report increased reporting time over the past year.
  • Preparing for the Cyber Resilience Act: When asked about their confidence in their organization's current ability to meet the CRA's key requirements, only about one-third of respondents expressed full confidence.
  • Consensus on AI Regulation: A substantial majority (83%) of respondents believe there should be regulations on the development and use of AI. When asked about the biggest challenges they currently face in adopting or expanding the use of AI within the organization, most respondents (58%) cited balancing the need for data collection and analysis with maintaining adherence to data privacy regulations and user trust.

“Spending over a decade working at government agencies including the Dept of Defense and Dept of Homeland Security I was able to see firsthand the vital importance of robust cybersecurity for national security infrastructure,” said Cody Cornell, co-founder and chief strategy officer of Swimlane. “This urgency is reflected in the recent surge of regulations. However, our research shows a clear disconnect between the strategic changes organizations are making and their confidence in achieving full compliance. This highlights the need for a comprehensive approach that addresses not just technology investments but also talent, training, and streamlined workflows to navigate the dynamic regulatory environment.”

Key Resources:

Methodology

The survey was conducted among 500 cybersecurity decision-makers at enterprise companies with at least 1,000 employees in the United States and United Kingdom. The interviews were conducted online by Sapio Research and under the guidance of Swimlane in March and April 2024 using an email invitation and online survey.

About Swimlane

Swimlane delivers automation for the entire security organization. Swimlane Turbine is the AI-enabled, low-code security automation platform that unifies security teams, tools, and telemetry in-and-beyond the SOC into a single system of record to reduce process and data fatigue while quantifying business value and ensuring overall security effectiveness.

Learn more: swimlane.com

Request a Demo: swimlane.com/demo

About Sapio Research

Sapio's passion is giving clients confidence in their decisions, creativity, or storylines—helping them look good and be more productive. We do this by collecting and synthesising insight from qualitative, quantitative, or secondary research data sources. We focus on three key services: audience understanding, brand research, and thought leadership research.

Our high-quality tailored insights help improve lead generation and reputation, get you closer to your audience, and gain an edge against the competition. Through understanding, honest counsel, collaboration, and a swift approach we deliver projects you’ll be proud of.

Best new agency finalist, Sapio is adept at opinion polling (we have access to 80 million people internationally), focus groups, face-to-face interviews, telephone interviews, online research, desk research and statistical modelling, to mention just a few techniques. We love B2B research and consultancy. Our business is based on partnership principles inspired by social enterprise.

Contacts

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.