1. Regulations are becoming more accepted as an effective way to boost resilience.<\/b><\/b><\/p>\n
Back in 2022, only 39%<\/b><\/span> of respondents thought that cyber regulations actually helped reduce risk.<\/p>\n Fast forward to 2025, and that number has jumped to 78%<\/b><\/span>.<\/p>\n That\u2019s a massive 2x shift!<\/b><\/b><\/p>\n I think it\u2019s because more organizations have gone through their first rounds of compliance implementations and actually seen the results.<\/i><\/p>\n Placement Suggestion:<\/b> Insert <\/span>Chart 1: Cyber and Privacy Regulations Effectiveness<\/b> here.<\/span><\/p>\n 2. At the same time, small and medium-sized organizations are falling behind.<\/b><\/b><\/p>\n In 2022, only 5%<\/b><\/span> of smaller companies reported insufficient cyber resilience.<\/p>\n By 2025, that number has grown to 35%<\/b><\/span>\u2014a whopping 7x increase!<\/b><\/b><\/span><\/p>\n And the gap keeps widening.<\/p>\n This poses a risk not just to the small organizations themselves, but also to the entire ecosystem due to interconnected supply chains.<\/p>\n Larger organizations and regulators have a strong incentive to support and invest<\/b><\/span> in smaller, less-capable organizations to enhance the resilience of the whole ecosystem.<\/p>\n The Future of Cyber Regulations<\/b><\/b><\/p>\n That\u2019s why I think we\u2019re heading toward a future where even smaller organizations (yes, maybe even dairy farms)<\/b><\/span> will be brought under new regulatory frameworks like NIS 3<\/b><\/span>. This means that even small businesses will need formal Governance, Risk, and Compliance (GRC) programs<\/b><\/span>.<\/p>\n![\"Chart](\"https:\/\/kordon.app\/wp-content\/uploads\/2025\/04\/1.-regulations-are-effective-in-reducing-my-cyber-risk.png\")
<\/p>\n![\"Smaller](\"https:\/\/kordon.app\/wp-content\/uploads\/2025\/04\/2.-organisations-reporting-insufficient-cyber-resillience.png\")
<\/p>\n