The ever-growing dependence on technology and the rise in the frequency of cyber threats have resulted in more industries being regulated by cybersecurity standards. As organizations move further toward digital transformation, they become more susceptible to cyberattacks. These attacks can have significant implications for businesses, individuals, and national security. Let’s look at why more industries are being regulated by cybersecurity standards.
- Increasing cyber threats: Cyberattacks are becoming more and more common, and they’re only getting more sophisticated. They target organizations of all sizes, across all sectors, and they can cause a lot of damage. That’s why it’s so important for organizations to have strong cybersecurity standards in place. These standards help protect sensitive information, infrastructure, and assets from being compromised.
- Dependence on technology: Businesses that rely heavily on technology are at greater risk of cyberattacks. This reliance on digital systems and data makes cybersecurity a critical aspect of modern business operations. By implementing effective security measures, businesses can protect themselves from the damaging effects of cyberattacks.
- Protection of sensitive data: Many industries, such as those handling personal, financial, or health information, are attractive targets for cybercriminals. Regulating these industries with cybersecurity standards helps protect this sensitive information and maintain public trust.
- Compliance and legal requirements: Cybersecurity regulations usually exist to make sure that companies take the necessary steps to protect their customers and other people who could be affected by their business. Breaking these rules can have some pretty severe consequences, like legal fees, money issues, and a bad reputation.
- Interconnectedness of systems: As industries become more interconnected through the internet and other digital networks, vulnerabilities in one sector can have a cascading impact on others. Implementing cybersecurity standards across industries helps to maintain the overall stability and security of the interconnected ecosystem.
- National security concerns: Cybersecurity is increasingly seen as a matter of national security. Critical infrastructure, such as energy, transportation, and financial systems, is vital to the functioning of society and the economy. Ensuring the security of these sectors is crucial for national security and public safety.
- Consumer demand: Consumers are becoming more aware of the importance of cybersecurity and privacy. As a result, they are increasingly demanding that businesses take appropriate measures to protect their personal information. Implementing cybersecurity standards helps companies meet these expectations and build trust with their customers.
The growing reliance on technology, increasing cyber threats, and the interconnected nature of modern industries make it essential for more industries to be regulated by cybersecurity standards. These regulations help protect sensitive data, maintain public trust, ensure compliance, and contribute to national security.
Which Industries Will be Subject to New and/or More Cybersecurity Regulations?
In this context, we expect to see more cybersecurity regulations put in place in the coming years. And some industries in particular will likely be subject to increasing, or entirely new, cybersecurity compliance demands.
“In the United States, a whole suite of new regulations and enforcement are in the offing: the Federal Trade Commission, Food and Drug Administration, Department of Transportation, Department of Energy, and Cybersecurity and Infrastructure Security Agency are all working on new rules. In addition, in 2021 alone, 36 states enacted new cybersecurity legislation.” – Harvard Business Review, 2022
It’s challenging to predict precisely which industries will be subject to new or more stringent cybersecurity regulations in the future. However, industries that manage sensitive information or critical infrastructure, or that significantly impact national security, are more likely to face increased regulation.
A great example is the recently instated FTC Safeguards Rule, which will impose security and compliance regulations explicitly on car dealerships for the first time. The rule, which aims to protect consumer financial information, requires automotive dealerships to have a documented data security program in place. The recent changes include designating a qualified leader for security and compliance, conducting regular assessments, developing security policies, and reporting on these efforts. It also outlines requirements for multi-factor authentication, data encryption, security training, and regular security testing, including vulnerability scans and annual penetration tests.
Banks, insurance companies, fintech companies and other financial institutions handle vast amounts of sensitive financial data, making them attractive targets for cybercriminals. Regulators are likely to continue imposing strict cybersecurity requirements to safeguard consumers’ financial information and maintain the stability of financial systems.
“One that comes to mind for me recently is the banking industry. The reason is that, with the failure of Silicon Valley Bank and Signature Bank, I think that this environment presents a ripe opportunity for hackers. We know from experience that they seize any opportunity that comes around. Banking is a huge market, a valuable market, and I don’t think the problem is over yet; we may see some other large banks collapse. When a bank fails, depositors get scared, cash is flowing out of the bank, there is a flurry of transactions and activity. All of this creates a diversion for delinquents and cybersecurity attackers attempting to breach the system. So, I think there is increased risk in the banking industry these days.” – David Dunkleberger, CPA, HITRUST CCSFP, and partner at I.S. Partners.
Government agencies at all levels hold sensitive data and are responsible for providing essential services. As cyber threats targeting governments increase, regulatory bodies may impose stricter cybersecurity requirements on government entities.
A good example of this is the Cybersecurity Maturity Model Certification (CMMC). It’s a framework that includes cybersecurity processes and best practices from various sources for Department of Defense (DoD) contractors. CMMC aims to audit compliance with NIST, which defines measures for protecting Controlled Unclassified Information (CUI).
All contractors, subcontractors, equipment manufacturers, and material suppliers doing business with the DoD will need to obtain a CMMC attestation as this new regulation goes into effect starting as soon as July 2023. The CMMC requirements are expected to improve the security of organizations in the Defense Industrial Base (DIB) sector.
Higher education institutions, particularly those working with the DoD, are increasingly evaluating and improving their cybersecurity measures to protect student data and comply with the upcoming CMMC requirements. And rightfully so; CMMC will impact universities, federally funded research and development centers, and university-affiliated research centers that maintain government research contracts. However, institutions not pursuing federal government or DoD research contracts may not be initially affected. Up until now, these universities have largely been left to navigate federal compliance mandates independently, without extensive resources.
Energy & Utilities
The energy sector, including electric, oil, and gas companies, is part of the critical infrastructure that ensures the functioning of modern societies. Cyberattacks on these systems can have widespread and severe consequences. As a result, regulators may introduce more stringent cybersecurity standards to protect these vital systems.
Telecommunication companies are responsible for the infrastructure that supports internet and phone services. As these services become increasingly crucial for daily life and business operations, regulators may strengthen cybersecurity regulations to protect against potential disruptions.
The transportation sector, including airlines, railways, and shipping companies, is essential for global trade and travel. Cyberattacks on transportation systems can cause significant disruptions, so regulators may impose more robust cybersecurity requirements to secure these systems.
As manufacturing processes become more connected and automated, the risk of cyberattacks disrupting production lines and supply chains increases. Regulators may implement more robust cybersecurity standards to protect the manufacturing sector.
These industries, among others, may face more stringent cybersecurity regulations in the future as governments worldwide recognize the growing threats posed by cyberattacks and the need to protect critical infrastructure, sensitive data, and essential services.
We’ve Got Your Industry Covered!
AWA provides a full suite of cybersecurity services and certifications for businesses working in nearly every industry available. Contact us now for a free quote.