As the digital landscape evolves, states are increasingly implementing national cyber incident reporting obligations to enhance cyber resilience. This study investigates the implications of these obligations for multinational organizations, focusing on the variability of compliance requirements across jurisdictions and the challenges companies face in adhering to these diverse regulations. Based on interviews with cybersecurity experts across various sectors, the study highlights the growing complexity of cybersecurity incident reporting obligations. Findings reveal that companies employ multiple strategies to report to regulators, monitor regulatory changes, and educate the employees responsible for reporting. However, maintaining compliance is identified as a significant challenge across all sectors, leading to calls for the standardization of regulations and the improvement of automation solutions. Given the lack of research in this area, this work lays the groundwork for future research, opening new avenues for investigation into the potential standardization and automation of cyber incident reporting processes.
Details
; Zimmermann, Verena 3
1 School of Computer and Communication Sciences, EPFL, Lausanne, Switzerland (GRID:grid.5333.6) (ISNI:0000 0001 2183 9049)
2 Military Academy at ETH Zürich, Birmensdorf, Switzerland (GRID:grid.5801.c) (ISNI:0000 0001 2156 2780); Leo & Muhly Cyber Advisory GmbH, Zürich, Switzerland (GRID:grid.5801.c)
3 ETH Zürich, Professorship for Security, Privacy & Society D-GESS, Zürich, Switzerland (GRID:grid.5801.c) (ISNI:0000 0001 2156 2780)