Sam Kirkman, Director of Services for EMEA, writing in TechNative, examines how rising regulatory pressure is reshaping the role of penetration testing, turning compliance requirements into a driver of genuine cyber resilience. Read the preview below or view it online.

+++

In an increasingly hostile cyber landscape, regulatory expectations are also rising.

Frameworks such as the UK’s pending Cyber Security and Resilience Bill and Europe’s Digital Operational Resilience Act (DORA), NIS2, and the General Data Protection Regulation (GDPR) are pushing organisations beyond merely withstanding cyberattacks; they now require ongoing demonstration of diligent security practices.

The cost of a lax approach to compliance is financial. Regulators are unflinching in imposing penalties on non-compliant companies. In 2023, due to unlawful data processing and profiling practices, the French advertising giant Criteo was fined €40 million. The case was not triggered by a dramatic breach but by weak compliance practices and a lack of transparency, a reminder that resilience depends as much on proof of controls as on responding to attacks.

You can read the full article here.