What’s more, it is often encouraged – and will increasingly be enforced – by growing regulatory pressures. In January 2023 alone, the Digital Operational Resilience Act (DORA) and the Network and Information Security Directive (NIS2) entered into force, with both carrying significant business implications. DORA requires European financial institutions to ensure their business technology can withstand disruptive events, which means having public cloud exit plans and measures against ransomware in place. NIS2 requires EU member states to boost the resilience of their IT infrastructure by enforcing a culture of security across IT-dependent sectors that deliver vital services to society and the economy; it thereby categorizes more organizations as vital and therefore subject to more regulations.
Regulations cast a long global shadow, and though their provisions have become more concrete, their implications in a complex IT landscape can be confusing. In an atmosphere heavy with volatility, uncertainty, complexity, and ambiguity (VUCA), decision-makers have grown more risk-averse. Worried that their ambitions will conflict with legislative requirements, they postpone tech modernization moves. Their organizations become slow to market and fall behind the competition.
But actually, business progress and compliance go hand in hand. Approached with a multidisciplinary understanding of their legislative and technical frameworks, regulations should enhance, not slow down, business. The right knowledge safeguards against overly narrow or literal interpretations that can lead to organizational inertia. Building resilience counters that inertia, even in an ever-changing VUCA world.