Cybersecurity 2025

INTRODUCTION  Contributed by: Christian Schröder and Odey Hardan, Orrick

Orrick, Herrington & Sutcliffe LLP Heinrich-Heine-Allee 12 40213 Düsseldorf Germany Tel: +49 211 3678 7316 Email: cschroeder@orrick.com Web: www.orrick.com

Introduction to the Cybersecurity Guide In recent years, cybersecurity has become a paramount concern for legal professionals, poli - cymakers, and businesses. The increasing fre - quency and sophistication of cyberattacks have prompted jurisdictions worldwide to enact com - prehensive legal frameworks to protect digital infrastructures and ensure the safety of personal and non-personal data. The recent wave of cybersecurity regula - tions reflects a global recognition of the criti - cal importance of safeguarding digital assets. These regulations have significant implications for businesses. They underscore the necessity for comprehensive risk management strategies, accountability at the highest levels of manage - ment, and the implementation of rigorous secu - rity measures across all sectors. One of the primary implications of these regu - lations is the heightened accountability placed on organisational leadership. With the mandate for senior executives to oversee cybersecurity measures, laws aim to ensure that cybersecurity is prioritised at the strategic level. This shift in responsibility requires a cultural change within organisations, where cybersecurity is integrated into the core business strategy rather than treat - ed as a peripheral IT issue.

Furthermore, the emphasis on incident report - ing and transparency has profound implications for how organisations handle data breaches and cyber incidents. Timely reporting to regula - tory authorities and affected parties is not only a legal obligation but also a critical component of maintaining trust and credibility. Organisa - tions must develop clear protocols for incident response and communication to comply with these requirements. The focus on supply chain security and the resil - ience of critical infrastructures highlights the interconnected nature of modern digital eco - systems. Cybersecurity cannot be viewed in isolation; it requires an inclusive approach that involves stakeholders across the supply chain. This interconnectedness of services neces - sitates that organisations conduct thorough assessments of their third-party relationships and implement stringent security controls to mitigate risks. The European Union (EU) has implemented a series of directives and regulations aimed at enhancing the security of its digital market. One of the cornerstone laws in the EU's cyber - security framework is the Network and Informa - tion Security Directive (NIS2). The NIS2 Direc -

5

CHAMBERS.COM

Powered by