TÜV SÜD’s Post

When looking at the various #EuropeanUnion publications on #cybersecurity, we can observe that the Union is aiming at balancing robust protections with the need for innovation and international cooperation. The EU's strategic focus on enhancing cybersecurity through comprehensive frameworks and regulations such as the NIS2 Directive, Cybersecurity Act, and AI Act demonstrates its commitment to addressing evolving cyber threats. However, this ambitious regulatory agenda also faces some significant challenges and potential pitfalls. The EU's approach to cybersecurity is multifaceted, addressing infrastructure protection, data privacy, and emerging technologies. Regulations like the NIS2 Directive and the Cybersecurity Act aim to establish high security standards across essential services and critical infrastructure sectors. Initiatives such as the Joint Cyber Unit principally demonstrate a proactive stance towards coordinated incident response, and the strong emphasis on data protection, exemplified by the GDPR, sets a high bar for privacy standards. And yes, I am aware of the fact that the "#ChatControl initiative" has sparked significant controversy and criticism, but this will be addressed in a separate post. However, on the flip side of the coin, we will find several potential drawbacks and risks. The effectiveness of EU regulations will largely depend on the consistent and rigorous implementation across member states. The varying cybersecurity capabilities and resources among member states could lead to uneven enforcement and compliance, undermining the overall security posture and also resulting in different market conditions for companies in various countries. While regulations in general aim to enhance security, they may also impose significant compliance costs on businesses, particularly small and medium-sized enterprises (SMEs). The regulatory landscape must strike a balance between ensuring security and fostering technological innovation. Overly restrictive regulations could hinder the development and deployment of emerging technologies like AI and quantum computing, which are potentially critical to future economic growth. Cybersecurity is a global issue, and the EU's regulatory efforts must align with international standards and practices. However, potential conflicts with other major cybersecurity regimes, such as those of the United States and China, pose challenges. The rapidly changing nature of cyber threats necessitates regulatory frameworks that are flexible and adaptive. Static regulations may quickly become outdated, leaving critical gaps in security. The EU must ensure its regulatory mechanisms can evolve in response to new threats and technological advancements without unnecessary administrative delays. See 1st comment for relevant publications.

Navigating the Challenges of Cybersecurity in the Modern Data Landscape With exponential growth in data, addressing the related privacy, risk and security implications on the data landscape needs to be a top priority for digital trust professionals. https://lnkd.in/g2DkcY89

Myanmar’s Digital Coup - How the World Responded This is a hybrid seminar. Date: February 18, 2025 (Tuesday) Time: 5:30 for 06:00 - 07:00 PM (AEST)/01:30-02:30 PM (Yangon Time) Venue: Level 13, 356 Collins Street, Melbourne VIC 3000 Free limited seats (first come, first served) to register click the link https://lnkd.in/ekuYqwS5, register and scroll down until you see "In person: AMI Member" & register Register Zoom Meeting: click here  https://lnkd.in/ekuYqwS5, register and scroll down until you see "Webinar: AMI Member Online" then register. February marks four years since Myanmar’s junta seized power in a violent and deadly coup. Four years on, the military’s firm grip on Myanmar’s telecommunications infrastructure empowers them to weaponise internet shutdowns in regions where anti-coup resistance is strong and, operating under the guise of egovernment projects, the regime raises funds and collects resources to strengthen its extensive surveillance infrastructure. In a new book Myanmar’s Digital Coup - How the World Responded (Palgrave Macmillan, 2024), former Australian Ambassador to Myanmar Nicholas Coppel and cyber expert Lennon Chang explore the nature, scope, merits and limits of international responses to Myanmar's February 2021 coup, and analyse how technologies in the digital age have been used by both the military junta and the resistance movement to control information, the transfer of funds and to pursue accountability. Nicholas Coppel CSI is President of the Australia Myanmar Institute and a former senior career diplomat. He was Australia's Ambassador to Myanmar from 2015 to 2018. Between 2011 and 2013, he headed the 500+ person Regional Assistance Mission to Solomon Islands (RAMSI) in restoring law and order and governance in Solomon Islands after a period of ethnic tensions. He was awarded the Cross of Solomon Islands in 2017. Lennon Y.C. Chang is Associate Professor, Cyber Risk and Policy, in the Centre for Cyber Resilience and Trust and the School of Information Technology, at Deakin University. His research focuses on the intersection of law and technology, cybercrime and cyber security, disinformation campaigns and foreign interference. He co-founded Cyber Baykin: Myanmar Cyber Security Awareness Campaign. Professor Nicholas Farrelly is a Pro Vice-Chancellor at the University of Tasmania, where he was previously Head of Social Sciences. Earlier in his career he held academic positions at the Australian National University, including as Associate Dean in the College of Asia and the Pacific. A graduate of the ANU and the University of Oxford, where he was a Rhodes Scholar, Nicholas is on the board of the Australia-ASEAN Council and is also a Director of Australia’s National Accreditation Authority for Translators and Interpreters. He is a co-author of “Comprehensive Strategic Partners: ASEAN and Australia after the first 50 years” published in 2024.

Cybersecurity is one of the preconditions of #economicsecurity. In a recent European Union Agency for Cybersecurity (ENISA) survey, 57% of European SMEs said that they fear going out of business in the first week after a cyberattack: https://lnkd.in/gvNFpbCn. The threat scenario is not in the least reassuring. There is an exponential rise in breaches, more than two-thirds of which (68%) involve human error. There are more sophisticated supply chain attacks and a big spike in #cyberattacks using valid user credentials. Bank fraud is a big concern and the growing recourse to deep fakes and impersonation technology can only make matters worse. All this explains why the issue is a top priority in Europe with a host of recent legislative and non-legislative actions focused on harmonizing standards, procedures for incident notification, or collaborative preventive measures. The European Commission is now laser-focused on implementation. Risk assessments are key, and the drive to have stronger coordination in the EU is real. At this week’s Round Table on the Cyber and Economic Security Nexus, we had a fascinating discussion on how to prioritize what is done in the next five-year #EU cycle. Pressing needs exist in the area of #skills, given the shortage of 260,000 – 500,00 cybersecurity specialists in Europe (source: https://lnkd.in/gkMQeUVx). Solutions exist, like the Cyber Skills Academy aiming to coordinate existing #skills initiatives around Europe, but the target is a moving one. What is more, the race for talent is a global one while a historical flaw still needs to be corrected, that of treating #security as an afterthought. There is also a need to support #SMEs in getting better equipped for what is coming. The cost of compliance reporting should be reduced to the maximum, so as not to take funding away from security solutions. Establishing a single-entry point for all notifications required under the #NIS2, the #GDPR and the e-Privacy Directive is essential. Overall, the EU needs to scale up its approach because it is not only about doing the right thing but also about doing it in the right proportion. The #economicsecurity angle helps in by providing the overarching policy umbrella, leading to greater coherence of actions by different departments and agencies. European Policy Centre Georg Emil Riekeles Fabian Zuleeg Riccardo Bosticco DIGITALEUROPE EU Digital & Tech

2024 Report – State of Cybersecurity in the Union The “2024 State of Cybersecurity in the Union” report, prepared by European Union Agency for Cybersecurity (ENISA), provides a comprehensive assessment of the evolving cybersecurity landscape within the European Union. It identifies significant trends, #emergingthreats, and the readiness of member states to counteract these challenges in an increasingly #digital and interconnected world. By examining key incidents, sectoral vulnerabilities, and technological developments, the report highlights the critical role of collaborative efforts and #strategicinvestments in securing the Union’s #cyberinfrastructure. Among the report’s critical observations is the increasing sophistication and frequency of #cyberattacks. Targeted ransomware campaigns, #supplychain vulnerabilities, and the exploitation of #emergingtechnologies such as artificial intelligence and quantum computing pose unprecedented risks. Furthermore, critical sectors such as healthcare, energy, and finance remain under constant threat, exposing gaps in current defense mechanisms and regulatory frameworks. The report underscores the importance of cross-border cooperation in addressing these challenges. By fostering a unified approach to #cybersecurity, the EU can bolster its collective resilience against adversaries operating across jurisdictions. Additionally, investments in capacity-building, enhanced incident response systems, and upskilling the cybersecurity #workforce are deemed essential to addressing the #skillsgap and improving preparedness. The “2024 State of Cybersecurity in the Union” illustrates a rapidly evolving threat landscape that demands coordinated, innovative, and scalable solutions. Cybersecurity is no longer an isolated domain but a cornerstone of the EU’s #digitaltransformation, #economicstability, and societal resilience. As #cyberrisks grow more complex, the Union must prioritize harmonized regulatory approaches, robust public-private partnerships, and continuous innovation to secure its #digitalfuture. The report calls for a collective vision where cybersecurity is embedded at every level of governance and technological advancement, ensuring the EU remains a global leader in protecting its #digitalassets and citizens. This shared commitment to resilience, preparedness, and adaptation will be pivotal in shaping a secure and sustainable #digital #Europe.

International Security in the Cyber Era: International security in the cyber era has become an increasingly complex and critical challenge, as the world is more interconnected than ever before. The rapid advancement of technology has ushered in a new age where cyber capabilities play a pivotal role in shaping the geopolitical landscape. This paradigm shift has blurred the lines between traditional notions of warfare and conflict, as nation-states, non-state actors, and even individuals leverage cyberspace for strategic objectives. In this dynamic environment, the traditional concept of security has expanded to encompass not only physical threats but also virtual ones that target critical infrastructure, sensitive data, and even democratic processes. One of the primary features of the cyber era is the asymmetry in cyber capabilities among states, creating a power dynamic that is not solely determined by military might. Smaller and technologically advanced states or non-state actors can potentially pose significant threats to larger and more conventionally powerful nations. This asymmetry challenges the traditional norms of deterrence and defense, as the battlefield extends into the digital realm where attribution is often elusive. The lack of clear rules and norms in cyberspace exacerbates this challenge, making it difficult to establish internationally accepted norms of behavior. The interconnected nature of the global economy further complicates the landscape of international security in the cyber era. Critical infrastructure, such as energy grids, financial systems, and healthcare networks, is often interconnected and dependent on digital systems. A successful cyber attack on one nation's critical infrastructure can have cascading effects that reverberate across borders, leading to economic instability and potential social unrest. As a result, the protection of critical infrastructure has become a shared responsibility, necessitating international cooperation and collaboration to establish cybersecurity standards and best practices. The rise of state-sponsored cyber attacks adds another layer of complexity to the international security landscape. Nation-states increasingly employ cyber capabilities for intelligence gathering, economic espionage, and even political interference. Attribution in cyberspace remains a significant challenge, creating a level of ambiguity that complicates diplomatic and legal responses to malicious cyber activities. The absence of clear rules of engagement in the cyber domain raises questions about how states should respond to cyber attacks, further highlighting the need for an international framework to govern state behavior in cyberspace.

🇪🇺 Summarizing The NIS2 Framework for (AI) Cybersecurity in Europe 🔍 NIS2 = "Network and Information Security Directive 2" The NIS2 Directive is the EU’s strengthened framework for cybersecurity, building on the original NIS Directive to establish a high common level of security across essential and important sectors. Its purpose is to enhance resilience across member states, protecting key services like healthcare, finance, and digital infrastructure from evolving threats. 📢 Key Takeaways: 1. In relation to AI adoption in Europe: NIS2 is highly relevant for AI training and inference in Europe because it mandates stringent cybersecurity measures for entities handling critical data, ensuring that AI systems processing sensitive European information are safeguarded against cyber threats. This framework supports the protection of European data sovereignty and compliance with EU regulations, which is crucial for sectors relying on secure, trustworthy AI applications. 2. Broader Scope, Greater Responsibility: NIS2 now applies to more sectors and classifies organizations as “essential” or “important.” These entities must meet high standards, reinforcing cybersecurity as a priority across industries. 3. Mandatory Incident Notifications: Companies must report incidents impacting service provision promptly to authorities, ensuring fast, coordinated responses to minimize potential cross-border impacts. 4. CEO Accountability & Compliance Risks: Senior management, including CEOs, is held directly accountable for implementing and overseeing cybersecurity. Non-compliance risks are significant: organizations face fines of up to €10M or 2% of global revenue for essential entities. Executives may also face public disclosure of breaches and even temporary bans from managerial duties. Ignoring NIS2 responsibilities can harm both the company’s reputation and executive careers. 5. Comprehensive Risk Management: NIS2 mandates comprehensive measures, from securing supply chains to implementing multi-factor authentication, to address cyber and physical threats. For executives, NIS2 compliance is more than a regulatory obligation - it’s an essential step to safeguard Europe’s digital landscape and maintain public trust. #NIS2 #Cybersecurity #DigitalEurope #ExecutiveLeadership #RiskManagement #Europe #AIops #MLops #ArtificialIntelligence

🌐 Navigating Cybersecurity Risks in the EU: Legal and Strategic Imperatives for Businesses 🌐 In today’s digital-first world, companies face an evolving and increasingly complex cybersecurity landscape. With geopolitical tensions, regulatory proliferation, and the rapid adoption of emerging technologies, the risks have never been higher. Recent insights from the Global Cybersecurity Outlook 2025 underscore that 72% of organizations reported a rise in cyber risks, driven by sophisticated cybercrime, supply chain vulnerabilities, and AI-powered threats. It is crucial for businesses to proactively address these challenges. Here are some key takeaways for organizations operating within the EU: 🔒 Regulatory Compliance Matters: The NIS2 Directive and other legislative frameworks mandate stricter standards for supply chain oversight, board accountability, and incident reporting. Yet, 69% of organizations struggle with fragmented regulations. 💻 Emerging Technologies: The rapid deployment of AI and other technologies has created vulnerabilities. Businesses must implement robust risk assessments and governance frameworks to secure these innovations. 🤝 Collaboration is Key: Strengthening partnerships across sectors and aligning with public and private entities can mitigate the complexities of interdependent supply chains and bolster ecosystem resilience. 📑 What’s Next? To thrive in this evolving landscape, companies must embed legal risk management into their cybersecurity strategies. It's not just about compliance — it's about creating a culture of resilience and trust. #Cybersecurity #LegalRiskManagement #EmergingTechnologies #AI #EURegulations

🌞 Good Morning! Today we launch #RISK Digital UK/EU, a livestream experience event that will examine the changing risk landscape in a content rich, knowledge sharing environment. Our morning agenda includes: 📍9:30 AM (BST) - Balancing Privacy and Innovation: UK and EU Perspectives - This session will explore how businesses can innovate while adhering to stringent privacy regulations in the UK and EU. 📍10:00 AM (BST) - The Future of Data Sovereignty in Europe - A deep dive into data sovereignty, examining the UK's approach post-Brexit and comparing it with the EU's strategies. 📍10:30 AM (BST) - AI through the Third Party Risk & Compliance Lifecycle - Discover how the most innovative organizations are adopting AI to proactively mitigate risk, reduce human error, and strengthen overall digital and operational resilience. 📍11:00 AM (BST) - Cybersecurity in Critical Infrastructure: Lessons from the UK and EU - This panel will cover recent cyber threats and incidents in the UK and EU, strategies for securing essential services and the role of public-private partnerships in enhancing resilience against cyberattacks. 📍11:30 AM (BST) - Activism as a Driver of Change for Business - Explore the profound impact of NGO campaigning on businesses, illustrating how it reshapes the operating landscape and compels companies to adapt. 🎟 It's not too late to join! Take your virtual seat here: https://lnkd.in/eN8Fshir #RISKDigital #PrivSec #Privacy #Security #DataProtection #CyberSecurity #ThirdPartyRisk #Compliance #AI

12 key trends that will shape the cybersecurity and compliance landscape in 2025 Kiteworks has released its 2025 forecast report for managing data privacy and compliance risks. Highlights from the 12 key trends are: By 2025, 75% of the global population will be covered by privacy laws, pushing organizations to rethink data governance. As AI continues to revolutionize industries, the risks around data security and ethical usage are growing exponentially. With vulnerabilities in third-party ecosystems on the rise, organizations need to prioritize robust risk management strategies. Streamlining tools and platforms can reduce breach risks and improve efficiency. This report isn’t just about identifying challenges. It’s packed with actionable insights to help businesses navigate the evolving digital landscape. 👉 Access the full report below and start preparing for the year ahead