Cybersecurity compliance: new technologies are on the rise

In cybersecurity, compliance came to the fore when the first regulations entered into force in the 2000s. Regulatory works speeded up following major cyberattacks in the 2010s. This decade saw rapid technological change that also led to critical security flaws.

One such case was the cyberattack Sony suffered in 2011, when hackers breached PlayStation Network (PSN) servers. They managed to steal data and make the service unusable for gamers. The reaction of European regulators was swift in the face of the growing risk of cyberattacks. It led to the GDPR and the NIS directive in 2016.

The need for « cyber » compliance grew alongside companies’ widespread adoption of digital tools against the backdrop of the Covid-19 pandemic. Cybersecurity is now becoming a key risk management issue as companies begin to undertake the digital transformation of their businesses.

The evolution of generalist tools

Compliance is no longer just for banking and finance. It also concerns a variety of fields such as pharmaceuticals, hygiene, data protection, and cybersecurity, each with their own specificities. It relies on RegTechs, LegalTechs and SupTechs. These new technologies aim to optimize companies’ compliance, document management and legal procedures, as well as automate audits by supervisory authorities.

RegTech, a portmanteau of « regulatory » and « technology », refers to technology services that improve compliance. LegalTech refers to the technology services made available to legal professionals to help them optimize, organize and manage legal documents and procedures.

Private companies are not the only ones interested in these new tools, though. Public entities, including Banque de France and ACPR (French Prudential Supervision and Resolution Authority) with the « SupTech » program launched in 2019, are using or looking into SupTechs. SupTechs, a portmanteau of « supervisory » and « technology », help to improve compliance monitoring and reporting in a given field of activity.

Moving toward concrete applications

In terms of digital security, compliance comes from the regulations on implementing anticipatory processes to ensure that data and IT systems security are handled properly. From internal organization to the implementation of emergency procedures, regulation concerns both the individuals using the technology and the IT system’s inherent resilience independent of any human intervention. Today, compliance is based on innovations that open up new perspectives.

The possibilities that arise from RegTechs target two sectors: data security and cybersecurity. In both cases, you need to know whether data protection standards have been met and whether processes have been implemented to safeguard against cybersecurity risks.

LegalTech, for its part, helps to optimize and automate businesses’ documents and/or legal processes. It acts as a complement to RegTech, covering the legal aspects of compliance. A compliance-focused LegalTech could provide several services: automation of legal processes, electronic document management to comply with regulations, creation of automated legal policies, legal intelligence, contract management and online compliance training.

SupTech offers a new approach to communication and transparency with supervisory bodies. Primarily focused on the supervision of financial markets, it could soon offer several services in the cybersecurity field, such as automated analysis of data processing, real-time monitoring of digital activities, detection of suspicious behavior, compliance with market rules, automated generation of regulatory reports, and advanced technologies such as artificial intelligence.