Regulatory Changes Are on the Horizon. Are Companies Ready?

Ropes & Gray's Rohan Massey on Compliance Challenges and Strategic Prioritization
Rohan Massey, partner, Ropes & Gray

The increasingly regulated landscape of cybersecurity is changing across Europe, America and Asia - and more is on the horizon, said Rohan Massey, partner, Ropes & Gray. In Europe alone, organizations have to comply with over 100 pieces of legislation either on the statute book or in draft.

But the biggest compliance concern is complexity - trying to understand which law will apply to organizations, especially since many regulations have extraterritorial effects. Massey urged organizations to start looking at what they have internally, "prioritizing the risks around it, ensuring they have internal management and compliance and governance programs that are documented and that they can actually act as and when an incident happens."

"It's about building a program that works for you, not that is standard for everybody else," he said. "Look at your business and think how it applies. What are the risks based on what you do, what data you handle, and how you handle volume, size, sensitivity and location?"

In this video interview with Information Security Media Group at Infosecurity Europe 2024, Massey also discussed:

  • How the upcoming NIS2 Directive will affect EU companies and those working with the EU;
  • How to build robust incident response plans and governance structures;
  • How to ensure that third-party suppliers and partners comply with relevant regulations.

Massey has practiced in the fields of data and data protection for more than 20 years and focuses on complex data protection and cybersecurity issues affecting multinational organizations. He specializes in international data transfer issues and advises clients on global compliance programs, data breach management issues and cyber incident response.

About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.
