Cyber News Global: Issue 12


Welcome to issue 12 of Cyber News Global. We are extremely excited to share the insights of the former National Security Minister, The Rt Hon Stephen McPartland, the author of the government’s review for cyber security and economic growth, an exceptional report that outlines the challenges businesses face in the ever-changing digital world in which we conduct our business. Supply chain challenges are a major issue for many organizations, as the report highlights. We are very grateful for the insights from The Rt Hon McPartland; you will be able to access our extended exclusive interview with him on the Let’s Talk Cyber podcast channel.

With the ever-increasing focus on compliance and standards, CNG have brought together some of the leading subject matter experts to share their insights on standards and regulations. Cyber risk management must be considered by any organisation considering how they map their cyber hygiene.

Eliane McKechnie from i-confidential shares her insights on compliance standards that are to be considered to ensure your cyber requirements are compliant.

Specialist focuses on training and education always feature within CNG; fun and engaging Cyber Escape Rooms with Irene Coyle explore how to take the lid off your training.

International opportunities are providing the landscape for expansion. GISEC, one of the world’s leading cyber expos, features extensively in the calendars of so many companies, and we are delighted to be attending as official media partners once again in 2025.

EXCLUSIVE INTERVIEW WITH THE RT HON STEPHEN MCPARTLAND

CNG recently had the opportunity to speak with The Rt Hon Stephen McPartland, the author of the McPartland Review into cyber security as an enabler of economic growth, produced for the previous government.

Who is The Rt Hon Stephen McPartland?

The Rt Hon Stephen McPartland: Thank you very much for having me on Let’s Talk Cyber. I was a Member of Parliament for 14 years in the British parliament. During that time, I also spent 13 years getting board level experience at senior levels, non-execs and a variety of other roles.

Within those 14 years as a Member of Parliament, I was briefly National Security Minister. I also served on the Joint Committee National Security Strategy for three years, which oversaw the architecture of intelligence and security in the United Kingdom. I was Chairman of the Regulatory Reform Select Committee. So a huge number of roles within parliament, and the last gig that I did was a big review on cyber security as an enabler of economic growth.

CNG: Stephen, the question we need to ask you is what can we expect as business leaders to take from the McPartland review on cybersecurity and economic growth? What are our business leaders going to take from this report?

The Rt Hon Stephen McPartland: The review was commissioned by the British Prime Minister and I was reporting to the Deputy Prime Minister. The government were very, very concerned about how vulnerable our economy is. The United Kingdom is one of the most digitized economies on the planet, as a result of that, depending on what day of the week and time it is, we are either the first or second most attacked economy in the world.

The Office of Budget Responsibility in the United Kingdom undertook an analysis suggesting that a successful cyber-attack on the British economy will cost 1.6 % of our GDP. Now to pop that into perspective, we spend about 2 % of GDP on our armed forces every year. So if you’re having a successful cyber-attack once a week, that’s 1.6 % a week in a multi trillion dollar economy!

One of the other aspects beneath this layer was that in the United Kingdom, SMEs in particular have very little cybersecurity. A lot of them don’t even have basic cyber hygiene. One of the most astonishing statistics is that 99 % of all companies in the United Kingdom are actually SMEs.

CNG: These are frightening statistics so what do you think the future looks like when it comes to cyber security in the UK given some of the points you’ve just touched on in relation to how vulnerable the supply chain is through the SMEs?

The Rt Hon Stephen McPartland: One of the big challenges about cybersecurity is it has a lot of negative connotations, especially within the United Kingdom. There are elements of shame if you’re the victim of a hack. People often don’t want to admit it, so they often don’t come forward. There’s an element of, well, the insurance will put my premium up, so there’s a fiscal element also.

Then there’s a bit of concern that my customers or the people I’m selling into those B2B relationships, may now be a bit more wary and want to put more restrictions or more bureaucracy on me. It is almost like a shameful hidden situation, even within the IT community, they’re often not big fans of the cyber security community. It’s seen as a way of stopping people doing stuff - just to turn my laptop on now I need to do this, this, this, and this.

When I was asked by the Prime Minister to undertake the independent review, I didn’t want to talk about it from a defensive point of view. I said, we need to think about cybersecurity as an enabler of economic growth. Let’s talk about growth, jobs, opportunity, innovation. Let’s make the United Kingdom a cybersecurity technology superpower and then go off there and export it. Let’s be the safest place in the world to do business and the toughest place in the world to commit a cyber-attack.

CNG: What’s your opinion on the challenges that UK business community face with the introduction of AI due to the concerns that AI will replace the workforce? Also what role do you see AI having in the future?

The Rt Hon Stephen McPartland: I think AI is a huge opportunity. AI is essentially how you manipulate data to come up with different decisions or products or services. But cybersecurity is how you protect that data. And it’s cybersecurity, resilience and recovery. So how do you ensure that nobody’s manipulating the data that you’re manipulating?

In essence, AI creates this massive opportunity to go off and really stimulate and be another technological revolution.

AI is a huge opportunity, but it’s only a tool in the box and you need great cybersecurity in order to protect that AI. Now AI itself, one of the problems we have is it’s the same with cybersecurity in the sense of it’s going to be making decisions for people about people.

You can create whatever environment you want, whatever technical solutions you want, but at the end of the day, you’re going to be providing that product to a human and those humans will either use it or find a way around it or not engage with it.

AI is a massive opportunity. If you think of the combustion engine, they replaced horses, there were a lot of businesses who were in the business of providing services to horses, everything from stabling to a variety of other foods and saddles, you name it. But the combustion engine wasn’t just about a single innovation. That combustion engine led to rockets leaving this planet and going to the moon and putting satellites in space that led to global communications, that’s led to the digitized world, the globalized economy that we have now.

So that combustion engine, although it did displace some people and some products and services, it creates a massive unimaginable world and opportunity.

In that unimaginable world and opportunity we’ve got to be better, because we’re always poor with this type of revolution, at helping those people who are being displaced - how do we actually transition them into those jobs? There’s a massive cybersecurity skills gap to then consider.

Why don’t we ensure that those industries or people that may get displaced, we think about career transition and providing training to those people so that they can work in these new industries that we’ve not even dreamed exist yet.

CNG: I guess we don’t need to worry too much at the moment about being completely replaced by all things AI, but actually embrace the opportunities that AI is bringing to the table. Would that be a fair summary?

The Rt Hon Stephen McPartland: Very much so and also you know better than me as do a lot of your listeners. We haven’t really got AI yet. We’ve literally got fancy machine learning.

CNG: We notice you’ve been very busy. You seem to be all over the globe right now and you seem to be spending a little bit of time focusing on the Middle East, particularly in the GCC, the Gulf region. What opportunities do you believe exist, if any, for UK companies out in that region?

The Rt Hon Stephen McPartland: Cyber security provides a massive opportunity, not only to stimulate growth in the British economy, but it’s also one of those wonderful services that is whole economy wide. It can stimulate everything from transport across to food manufacturing, if you’re providing everything in a safe and responsible way.

The GCC countries are already buying our insurance services, our legal services and financial services. So why don’t you buy our cybersecurity services to secure the other three? Essentially, we want to become the world leader at actually providing cybersecurity services to keep all your other services that you’re purchasing safe. One of the things that we’re very hopeful of is that when you see trade missions in the future, you’ll always see some kind of cybersecurity provider present at them.

We have a whole variety of organizations, everything from threat intelligence services across to a variety of innovative services from quantum crypto, you name it. So cybersecurity is this massive opportunity to be out there exporting to friendly countries who are already buying all our other services.

CNG: Many thanks for taking the time to share some of your views regarding cyber security and touching on some elements of the McPartland Cyber Security report, which can be viewed on CNG.

Watch our Exclusive podcast interview with Rt Hon Stephen McPartland

The RT Hon Stephen McPartland meeting King Charles III
Strategic Consultant & Non-Exec. Specialist in Risk, Governance, CyberSecurity & Digital Sustainability.
Rt Hon Stephen McPartland

A network of 9 regional Cyber Resilience Centres across England and Wales

Working with academia and the private sector to develop a talent pipeline.

The National Ambassador programme provides the opportunity for the UK’s largest organisations to collaborate with policing and government.

National Ambassadors

Cyber Risk Management: Beyond Just Information Technology

Cyber risk is no longer a concern only for IT departments; it has become a critical issue for businesses of all sizes. Organisations, from small start-ups to large global enterprises, face a constantly evolving range of cyber risks. If these risks are not adequately managed, they may result in significant financial losses, damage to reputation, and regulatory penalties. Business leaders must understand and manage cyber risks to minimise their impact and enhance overall cyber resilience.

Despite the magnitude of the challenge, many organisations still need help to address cyber risk effectively. This is often because cyber risk is seen in isolation, as a purely technical issue, rather than being recognised as an integral part of enterprise risk management. However, cyber risk must be treated with the same gravity as any other significant business risk.

The Expanding Threat Landscape

Thirty years ago, the term “cyber security” didn’t exist. Back then, the focus was on prevention, firewalls, and intrusion detection systems. Attacks on computer systems were driven mainly by notoriety rather than the financial gain or geopolitical intimidation we see today. Fast forward to 2024, and we’re seeing figures associated with cybercrime akin to figures related to the GDP of a G7 country.

Cyber risk is a business issue that demands attention at the highest levels of leadership. It requires comprehensive governance, careful assessment, and ongoing monitoring to stay ahead of emerging threats.

A Holistic Approach to Cyber Risk

It’s gotten out of hand, and a compliance-only-based approach is no longer suitable.

The growing complexity and scale of cyber threats have been well documented, from multiple Netflix series to current news. With every new technology, from cloud computing to the Internet of Things (IoT), comes a corresponding rise in potential attack vectors. Cybercriminals constantly adapt their methods, employing more sophisticated techniques such as ransomware, phishing, and supply chain attacks. For organisations, the question is not if they will face a cyber threat but when.

This reality burdens leadership teams, who must ensure their organisations are resilient enough to withstand and recover from these attacks. However, the responsibility for cyber risk management must not just be delegated to IT teams.

Organisations must adopt a holistic approach to cyber risk management to address these challenges effectively. The risk assessment process, which functions as a diagnostic tool, is at the heart of this approach. Just as a medical diagnosis identifies health issues, a risk assessment helps pinpoint vulnerabilities and potential threats to an organisation’s critical assets. It gives leaders a clearer picture of their risks and provides the foundation for making informed decisions.

By integrating cyber risk into the broader enterprise risk management framework (ERM) and using risk assessments to diagnose threats, leaders can better understand the potential impacts on their organisations. This clarity enables them to determine where to invest in security measures and how to allocate resources efficiently to address the most pressing risks.

A critical element of this approach is understanding the organisation’s unique risk profile. This involves identifying the vital assets that could be targeted in a cyberattack, evaluating the likelihood of such an attack, and assessing the potential consequences. With this insight, leadership teams can decide which risks to accept, mitigate, or transfer through insurance.

Effective governance plays an equally important role. Cyber risk management requires clear ownership at the senior management level, with continuous oversight and reporting to ensure the organisation’s risk posture is regularly evaluated and updated. This includes setting policies, defining roles and responsibilities, and ensuring that cyber risks are communicated clearly across the organisation. Organisations can better protect themselves in today’s threat landscape by approaching cyber risk holistically and treating risk assessments as diagnostic tools.

Why Cyber Risk is a Leadership Issue

Cyber risk management is not just a technical issue, nor is it the sole responsibility of IT teams. It is a business issue that affects all departments and functions, from finance and operations to legal and marketing. It requires a strong commitment from senior management and a clear understanding of the organisation’s risk landscape.

Senior leaders, particularly Chief Risk Officers (CROs), Chief Operating Officers (COOs), and other senior managers, must drive the organisation’s cyber risk strategy.

This includes making informed decisions about investments in cyber security technologies, fostering a culture of security awareness among employees, and ensuring that the organisation is prepared to respond to incidents swiftly and effectively.

By embracing their role in managing cyber risk, business leaders can protect their organisations from potential harm and position them for success in an increasingly digital world. Effective cyber risk management builds trust with stakeholders, strengthens brand reputation, and ensures compliance with regulatory requirements.

Looking Ahead: Trends in Cyber Risk Management

As the digital world becomes more complex, the future of cyber risk management is moving towards a more proactive and integrated approach. Nick Frost, Co-Founder and Principal Consultant from CRMG, notes, “In 2025, we will see a shift from reactive to predictive cyber risk strategies. Companies will increasingly adopt advanced analytics and AI-driven tools to anticipate potential threats and vulnerabilities before they materialise. It’s no longer enough to respond to cyber incidents after the fact. Businesses must stay one step ahead of attackers by using technology that offers greater insight into their risk profiles, allowing for more dynamic decision-making.”

Nick also highlights the growing importance of collaboration across industries. “Cyber threats are not limited by sector or geography. In the future, we’ll see more cross-industry cooperation as businesses share intelligence and best practices to counteract the ever-growing sophistication of cybercriminals. Cyber resilience will depend on how well businesses can work together to build collective defences.”

A Call to Action for Business Leaders

In a world where cyber threats are ever-present, the need for effective cyber risk management has never been greater. By recognising that cyber risk is a core business issue, senior leaders can take the necessary steps to protect their organisations from harm, ensure resilience, and maintain trust with their customers and partners.

CRMG and OSP Cyber Academy offer a course tailored to senior roles, for leaders who want to deepen their understanding of cyber risk management and develop the skills to make informed decisions. This comprehensive course offers practical insights and best practices for integrating cyber risk into an organisation’s overall risk management strategy.

https://ospcyberacademy.com/product/cyber-risk-management-course/

Navigating Risk and Control Frameworks in the Real World

But tackling each of these head-on is a luxury few organisations can manage, so a risk-based approach must be adopted.

Every organisation has a different sense of their risk appetite. This often runs in accordance with the type of data they hold, the work they do, and its sensitivity. But once organisations understand the risks they face, it’s easier to map out the controls they need to implement or improve to mitigate them, resulting in a residual risk that’s within risk appetite.

For instance, data loss is something organisations understand and strive to avoid. They all hold data of some form and there are many ways it could be compromised. It could be a malicious insider, or a bad actor coming in and blocking access, or criminal theft after gaining unauthorised access to the corporate network. This type of risk often leads to fines, financial losses, and reputational damage. This means it’s a risk which organisations must demonstrate they have under control through the implementation of good data management and security controls.

When it comes to managing risks and implementing controls around them, organisations will often look to adopt industry standard frameworks, such as the NIST Cyber Security Framework or the Center for Internet Security (CIS) Controls. These frameworks are not legally mandated in the UK, which means organisations can adhere to their principles to demonstrate cyber competence, but they are not obliged to do so. When it comes to their benefits, NIST, for example, is good for talking about security at a high level to boards, while CIS Controls provides a more practical and specific set of actions to follow. They can readily co-exist as blueprints for tackling cyber threats. Other organisations will look to achieve a more formal audit of their information security posture by seeking certification in standards, such as the globally recognised ISO27001.

To ensure best practice, we would map newly designed controls to the most appropriate industry frameworks. This adds an extra layer of credibility and assurance that the controls are not only fit for purpose, but also benchmarked against recognised global standards.

Despite their wide adoption, however, when it comes to implementing these risk and control frameworks, organisations will still meet a variety of obstacles.

So, in light of these challenges, what benefits can specialist consultants offer?

Adopting Risk and Control Frameworks

Before adopting a framework, organisations must think about the risks that could impact them and their appetite towards them.

Given these complexities, organisations will often turn to consultants, like i-confidential, to help support their adoption of risk management frameworks. When it comes to consultancy services, we offer many benefits to businesses wanting to better manage and control their risks.

Our approach is to conduct a thorough assessment to fully understand the organisation’s risk management maturity. This allows them to appreciate the risks that pose the greatest threat and identify weaknesses and gaps in their security posture.

And while there are many frameworks to choose from, none are a silver bullet. We don’t rely solely on generic frameworks. Our consultants ensure each risk category is defined in alignment with the client’s unique business environment. We work alongside stakeholders to design customised controls that map directly to these risks. This tailoring ensures the controls are both relevant and practical to implement.

Another important step is to bring the organisation’s teams on board with the new framework through workshops and stakeholder engagement – critical for embedding it culturally. We capture every key process, identifying control points and gaps, ensuring everyone is aligned on how the controls will be implemented and maintained.

The main benefit in understanding your controls is knowing where they are effective and ineffective, as well as identifying areas for operational efficiency.

Seeking budget to reduce security risk is easier when you have analysed the investment priorities

Once you have a view of gaps and areas for remediation, it’s much easier to provide evidence to risk owners and the board about where investment is needed. When security teams can clearly demonstrate gaps in risk management and explain the impacts this can have on business, the justification for increasing the cyber defences budget becomes clearer. The data can also provide insights into where specific actions are required. This helps organisations with setting up security improvement programmes, where reducing risks is road mapped over a period of time.

By seeking expert guidance to clarify the complexities of cyber security risk management and control frameworks, organisations can unlock benefits that extend beyond just basic compliance. Making cyber security a priority not only mitigates risks associated with increasing threats, but also fosters resilience in the modern business landscape.

It is operational resilience that keeps the lights on when the worst happens, helping you respond and recover more quickly. That could be the difference between survival or extinction when dealing with security threats.

With dedication and a clear roadmap, organisations can continuously enhance their cyber security defences, setting improvement goals and consistently working to lower their exposure to risks. This ensures they are prepared for whatever challenges the digital domain exposes them to next.

Head of cyber security consultancy, i-confidential
Threats are inherent in the digital world. Whether it’s cyber-crime, data loss, human error, or the increasingly complex enterprise supply chain, organisations face a barrage of hazards that can be detrimental to their resilience, or even their survival.

If you want to bring Cyber Security alive for your staff who are not involved in information security, then our pop-up “escape room” style training is an engaging and interactive experience.

Cyber Escape Rooms

Cyber News Global had the pleasure of catching up with Irene Coyle, Chief Operating Officer OSP Cyber Academy who shared her thoughts on Immersive Training and the OSP Cyber Academy Cyber Escape Rooms.

Knock your Cyber Training out of the PARK.

I believe that to have an effective cyber training programme (and not a one-off event), there are a number of things you should be considering when building your programme ...

Typically, information security training happens when an employee joins and they are overloaded with information, and they are only really concerned with where the coffee machine is.

1. Frequency and recency of signals passing from one neuron to the next increase memory

Tell people what you want them to know often! (don’t worry I am not getting too scientific here) Shift the focus from an annual task to an ongoing program, comprising e-learning, team meetings, face to face training and newsletters. The more you provide information, the more chance you will have that the message will land.

2. Emotions strengthen Memory

When we have fun, our brains release dopamine. According to neuroscientist Dr Martha Burns, dopamine has a direct impact on our ability to remember. The more interested we are in an activity, the more dopamine is released and the better we remember it. She calls dopamine the “Save” button.

3. Memories are stored in multiple parts of the brain

Research suggests that memories are stored in many different parts of the brain. Different ways of learning trigger different reactions and different connections between synapses. If we engage all the senses while learning it will create memories in many parts of the brain and will reinforce your learning.

In addition, our brains are programmed to focus on new and unusual ways of learning. Learning that taps into the brain’s natural curiosity will be more successful.

OSP Cyber Academy want your staff to be engaged and motivated and feel minimal stress. “Learning comes not from quiet classrooms and directed lectures, but from classrooms with an atmosphere of exuberant discovery” – that’s what we have introduced in our Immersive Training – a pop-up escape room style exercise.

Our immersive training is a mental and physical adventure-based game in which players solve a series of puzzles and riddles using clues, hints, and strategy to complete an objective. During our training, users will have fun, cover important topics, and have time to reflect on that learning. The originality of the immersive approach will also support remembering key lessons.

“We come to your office and just need the space of a desk, we set up the exercise all from one suitcase, so you are in a police officer’s desk area with items on the desk to explore.” Solve clues, crack lock codes, decipher information in emails. You need to act as a team to complete the exercise.

We all know from training some people will just sit back and hide and let others do the guesswork – we have designed our training so that everyone has a part to play. The message should be for your organisation to build cyber resilience – everyone has a part to play, not just your IT team.

The training should form part of an overall information security awareness training, comprising different types of learning including e-learning and regular newsletters.

Studies show that people will retain up to 60% more information when they are having fun and this training is designed to be fun for the learners involved which means it is more effective in increasing cyber security awareness with your staff.

You will also be providing a great team building experience as well as valuable skills that will help to keep company data and personal data safe.

Get in touch with me and we can demo the immersive training over a 10-minute Teams call – the advantages of technology.

To hear more about what Irene had to say with Let’s Talk Cyber, scan the code.

THE DIGITAL OPERATIONAL RESILIENCE ACT (DORA): ENSURING STABILITY IN FINANCIAL SERVICES

In the evolving landscape of global finance, operational resilience has become a paramount concern. The European Union’s Digital Operational Resilience Act (DORA) is a regulatory framework designed to bolster the resilience of financial services by addressing the complexities and interdependencies inherent in today’s digital world. This article explores the purpose, scope, and impact of DORA, particularly in comparison to similar regulations in the UK.

Understanding DORA

DORA stands for the Digital Operational Resilience Act, a regulatory initiative by the European Union aimed specifically at enhancing the operational resilience of the financial sector. The primary motivation behind DORA is the recognition that financial services are increasingly interconnected and dependent on digital technologies, which introduces new vulnerabilities and risks. The act mandates comprehensive risk management practices, continuity planning, and robust cybersecurity measures.

Richard Preece, Chief Training Officer at OSP, provides valuable insights into DORA’s framework.

He emphasises that DORA is grounded in principles established by the Basel Committee on Banking Supervision in 2019, which called for robust governance, operational risk management, business continuity, and third-party dependency management, among other things. The committee’s guidelines underscored the need for financial institutions to assume disruptions as a matter of when, not if, reflecting the critical importance of preparedness in today’s volatile environment.

Key Differences Between DORA and UK Operational Resilience Regulations

While DORA is a significant regulatory step for the EU, it is essential to understand how it compares to similar regulations in the UK. According to Preece, the UK has taken a slightly different approach, with its Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) issuing separate but aligned guidelines. These UK regulations will come into full force by March 2025, shortly after DORA’s January 2025 implementation.

One of the primary differences lies in the scope and focus of the regulations. DORA is highly prescriptive and IT-focused, addressing digital aspects of operational resilience. In contrast, the UK’s approach is more holistic, considering a broader range of factors, including pandemics, property issues, and overall market stability.

This divergence reflects the UK’s relatively mature financial sector, which necessitates a more principles-based regulatory framework.

Coverage and Impact of DORA

DORA encompasses a wide array of financial services, from traditional banks to emerging sectors like crypto assets. It specifically targets over 20 different types of financial entities, ensuring that the entire spectrum of financial services is covered. Moreover, DORA extends its regulatory reach to critical third-party providers of IT services, recognising their pivotal role in maintaining the resilience of financial institutions.

For companies within DORA’s scope, the implications are significant. Firms must first confirm their inclusion under DORA and then align their practices with the act’s requirements. Even firms outside the immediate scope of DORA are encouraged to adopt its principles, as these practices represent robust operational standards applicable across various sectors.

Compliance with DORA involves adhering to stringent ICT risk management protocols, conducting regular operational resilience testing, and establishing clear reporting mechanisms for security incidents.

Additionally, firms must manage their third-party dependencies meticulously, ensuring a comprehensive oversight framework is in place. While these requirements might seem demanding, they are fundamentally rooted in good business practices essential for sustaining a resilient and secure financial operation.

Implementing DORA: Challenges and Best Practices

The implementation timeline for DORA is tight, with regulatory technical standards expected to be confirmed by July, leaving firms with only six months to ensure full compliance by January 2025. This timeline poses a considerable challenge, especially for larger financial institutions with complex operational structures.

Preece advises firms to adopt a methodical approach to compliance. The first step is to ensure that all stakeholders, from board members to operational staff, understand and are competent in their roles related to DORA. Firms should develop a clear, actionable plan for compliance, regularly review their progress, and make adjustments as necessary.

A critical aspect of DORA compliance is the ability to demonstrate credibility and competence to regulators. This includes not only having robust systems in place but also being able to show that these systems are effectively managed and continuously improved. Given the high stakes involved, particularly in the financial sector, regulators are expected to scrutinise compliance efforts

The Future of Financial Resilience

The introduction of DORA marks a significant step in the EU’s efforts to enhance the resilience of its financial sector. By setting high standards for operational risk management and cybersecurity, DORA aims to mitigate the risks associated with an increasingly digital and interconnected financial

Richard Preece - Chief Training Officer at OSP

DORA: Ensuring stability in

While the potential for significant fines and regulatory actions looms, Preece suggests that regulators are likely to take a proportionate approach, much like with GDPR. Initial enforcement will focus on ensuring compliance and fostering a culture of resilience rather than immediately resorting to punitive measures. However, firms should not underestimate the importance of these regulations and must prioritise their compliance efforts.

In summary, DORA represents a critical evolution in the regulatory landscape of financial services. It underscores the importance of operational resilience in a digital world and sets a high bar for financial institutions to follow. By aligning with DORA’s principles, firms can not only achieve compliance but also enhance their overall resilience, ensuring they are well-equipped to navigate the challenges of the modern financial environment. As with any regulatory change, the key to success lies in thorough preparation, robust execution, and a commitment to continuous improvement.

Richard Preece at GDPR Summit Aberdeen

Leveraging the EU AI Act for Sustainable Development Goal (SDG) Alignment

Introduction

The European Union’s Artificial Intelligence Act (EU AI Act), which came into force on August 1, 2024, offers a strategic framework for enterprises to enhance their contributions to the United Nations’ Sustainable Development Goals (SDGs). The Act provides a regulatory environment that promotes trustworthy and responsible AI use, ensuring safety, transparency, and ethical governance. It categorizes AI systems based on risk levels, ranging from unacceptable risk to minimal risk, and establishes distinct requirements for each. By adhering to the Act’s stipulations, organizations can foster innovation that not only advances business objectives but also aligns with global sustainability targets.

The Role of the EU AI Act in SDG Alignment

The 17 SDGs, established by the United Nations in 2015, address global challenges such as poverty, inequality, climate change, and environmental degradation. AI has the potential to contribute to achieving these goals, and the EU AI Act encourages the development of AI technologies that are socially and environmentally sustainable.

The Act’s core focus areas—governance, transparency, data integrity, and human oversight—closely mirror the SDGs, offering enterprises the tools to contribute to a more sustainable and inclusive world.

For instance, the Act emphasizes trustworthy AI, which aligns with SDG 16 (Peace, Justice, and Strong Institutions) by mandating transparency and accountability in AI systems, thus ensuring that AI development serves all stakeholders fairly and equitably.

Key Provisions of the EU AI Act Supporting SDGs

1. Trustworthy AI Development: The EU AI Act mandates that high-risk AI systems undergo rigorous risk management procedures, supporting SDG 16 by enhancing transparency and accountability. This ensures that enterprises avoid the perpetuation of bias, leading to fairer and more equitable outcomes.

2. Enhanced Data Governance: The Act’s focus on high-quality data aligns with SDG 9 (Industry, Innovation, and Infrastructure) by promoting the development of robust and reliable AI systems. This not only enhances safety but also facilitates innovation in industries such as healthcare and financial services.

3. Human-Centric AI: By mandating human oversight in high-risk AI applications, the Act supports SDG 8 (Decent Work and Economic Growth). This approach ensures that AI complements human labor, creating more inclusive and efficient workplaces, particularly in industries prone to AI disruption, such as transportation and manufacturing.

4. Environmental Sustainability: AI’s potential to address environmental challenges aligns with SDG 13 (Climate Action). The EU AI Act promotes the use of AI for environmental monitoring, resource management, and climate adaptation, encouraging enterprises to adopt sustainable practices and mitigate their environmental impacts.

How Enterprises Can Leverage the EU AI Act for SDG Adherence

1. Trustworthy AI Policies: Enterprises should develop comprehensive AI guidelines that align with the EU AI Act, focusing on transparency, bias mitigation, and accountability. This will ensure that AI systems are free from discriminatory outcomes and can support SDGs such as SDG 10 (Reduced Inequality).

2. Strengthen Data Governance: High-quality data is essential for building reliable AI systems. Enterprises must implement robust data governance frameworks that prioritize data integrity and transparency, in line with the Act’s requirements. This promotes innovation in industries such as financial services and healthcare, which are critical for SDG achievement.

3. Human-Centric AI Implementation: Organizations should ensure that AI technologies augment rather than replace human labor, fostering inclusive growth. This involves integrating AI into workflows that enhance human decision-making and productivity, aligning with SDG 8.

4. Invest in Sustainable AI Solutions: AI can drive innovation in energy efficiency and resource management. Enterprises should focus on developing AI solutions that directly address climate action and sustainability challenges, supporting SDG 13 and SDG 12 (Responsible Consumption and Production).

Strategic Recommendations for Enterprises

1. Develop and Implement Ethical Codes of Conduct: Enterprises should establish voluntary codes of conduct that incorporate ethical principles and environmental sustainability into AI development. This will help align business practices with the SDGs, ensuring long-term social and environmental impact.

2. Engage with Stakeholders: Inclusive AI development is key to ensuring that the benefits of AI are widely shared. Enterprises should engage with diverse stakeholders, including civil society, academia, and consumer protection organizations, to ensure their AI solutions address societal needs.

3. Foster Interdisciplinary Cooperation: AI solutions for global challenges require collaboration across disciplines. Enterprises should collaborate with experts in fields such as non-discrimination, inequality, and environmental protection to create AI technologies that are socially and environmentally responsible.

4. Participate in Standardization Processes: Engaging in the development of AI standards is crucial for ensuring that AI technologies meet the highest ethical and sustainability benchmarks. Enterprises should actively contribute to standardization efforts to help shape the future of responsible AI.

Conclusion

The EU AI Act offers a comprehensive framework for aligning AI development with global sustainability goals. By adhering to the Act’s requirements, enterprises can contribute to the achievement of the SDGs while fostering innovation, mitigating risks, and ensuring the responsible use of AI technologies. Organizations that embrace the principles of the EU AI Act will be well-positioned to drive sustainable growth, enhance their reputation, and create long-term value for society.

https://www.ai-and-partners.com contact@ai-and-partners.com

https://www.linkedin.com/company/ai-&-partners/

ASSURED TRAINING

This course provides delegates with the opportunity to explore and discuss cyber risk and resilience and how to provide effective governance, risk management and strategic implementation.

Delivered by:

Aimed at Board members, including Executive Officers, this course is for those who need to provide governance and implement strategy for cyber risk, including data protection and resilience.

A co-opted core panel member of the British Standard (BS) 31111 Cyber Risk and Resilience Guidance for Boards and Executive Management. A chapter author for Managing Cybersecurity Risk – How Directors & Corporate Officers can protect their businesses.

To reserve your place - contact training@ospcyberacademy.com - or scan QR Code

TO BRING THE BEST OF BREED CYBER SECURITY / OT TRAINING

SIKER have designed and implemented a suite of tutor-led courses and flexible eLearning that surpass industry standards.

Created with the latest technology, Siker courses will guide you confidently through OT, ICS, ACT and ISS cyber security.

If you want to bring Cyber Security alive for your staff who are not involved in information security, then our pop-up “escape room” style training is an engaging and interactive experience.

Cyber Escape Rooms “Knock your Cyber Training out the Park!”

Cyber News Global had the pleasure of catching up with Irene Coyle, Chief Operating Officer OSP Cyber Academy who shared her thoughts on Immersive Training and the OSP Cyber Academy Cyber Escape Rooms.

Knock your Cyber Training out of the PARK.

I believe that to have an effective cyber training programme (and not a one-off event), there are a number of things you should be considering when building your programme ...

Typically, information security training happens when an employee joins and they are overloaded with information, and they are only really concerned with where the coffee machine is.

1. Frequency and recency of signals passing from one neuron to the next increase memory

Tell people what you want them to know often! (Don’t worry, I am not getting too scientific here.) Shift the focus from an annual task to an ongoing program, comprising e-learning, team meetings, face-to-face training and newsletters. The more you provide information, the more chance you will have that the message will land.

2. Emotions strengthen Memory

When we have fun, our brains release dopamine. According to neuroscientist Dr Martha Burns, dopamine has a direct impact on our ability to remember.

The more interested we are in an activity, the more dopamine is released and the better we remember it. She calls dopamine the “Save” button.

3. Memories are stored in multiple parts of the brain

Research suggests that memories are stored in many different parts of the brain. Different ways of learning trigger different reactions and different connections between synapses. If we engage all the senses while learning it will create memories in many parts of the brain and will reinforce your learning.

In addition, our brains are programmed to focus on new and unusual ways of learning. Learning that taps into the brain’s natural curiosity will be more successful.

OSP Cyber Academy want your staff to be engaged and motivated and feel minimal stress. “Learning comes not from quiet classrooms and directed lectures, but from classrooms with an atmosphere of exuberant discovery” – that’s what we have introduced in our Immersive Training – a pop-up escape room style exercise.

Our immersive training is a mental and physical adventure-based game in which players solve a series of puzzles and riddles using clues, hints, and strategy to complete an objective. During our training, users will have fun, cover important topics, and have time to reflect on that learning. The originality of the immersive approach will also support remembering key lessons.

“We come to your office and just need the space of a desk. We set up the exercise all from one suitcase, so you are in a police officer’s desk area with items on the desk to explore.” Solve clues, crack lock codes, decipher information in emails. You need to act as a team to complete the exercise.

We all know from training some people will just sit back and hide and let others do the guesswork – we have designed our training so that everyone has a part to play. The message should be for your organisation to build cyber resilience – everyone has a part to play, not just your IT team.

The training should form part of an overall information security awareness training, comprising different types of learning including e-learning and regular newsletters.

Studies show that people will retain up to 60% more information when they are having fun and this training is designed to be fun for the learners involved which means it is more effective in increasing cyber security awareness with your staff.

You will also be providing a great team building experience as well as valuable skills that will help to keep company data and personal data safe.

Get in touch with me and we can demo the immersive training over a 10-minute Teams call – the advantages of technology.

To hear more about what Irene had to say with Let’s Talk Cyber, scan the code.
