Looking ahead: Our cybersecurity prediction: the year of resilience

As we enter 2025, one word defines the cybersecurity landscape: resilience. For those hoping for a breather from the flood of new cyber regulations, the reality is quite the opposite. The coming year promises a continuation of the regulatory momentum, with major legislative milestones set to reshape the compliance landscape across the EU, UK, and beyond.

DORA: Increasing EU financial sector cyber resilience

On 17 January 2025, shortly after (or before) we take down our Christmas decorations, the EU’s Digital Operational Resilience Act (DORA) takes effect, introducing rigorous requirements for financial institutions, including banks and insurers. DORA mandates enhanced IT risk management, standardised incident reporting, operational resilience testing, third-party risk oversight, and information sharing. These measures aim to ensure the financial sector can withstand cyber disruptions while protecting consumer confidence. Businesses face steep penalties for non-compliance, making preparation critical as regulators adopt a strict enforcement stance.

The UK’s Cyber Security and Resilience Bill

In response to evolving threats, the UK will modernise its cybersecurity framework with a Cyber Security and Resilience Bill, expected in 2025. This update to the original NIS 1 Directive will likely expand the scope of regulation, enhance oversight, and mandate more detailed incident reporting. These changes position the UK to remain at the forefront of global cybersecurity standards, ensuring businesses operating across the UK and EU can align with dual regulatory requirements.

Resilience as a priority

Globally, countries like the US, Australia, and Singapore are strengthening cybersecurity frameworks, while AI governance frameworks, such as the EU’s AI Act, are set to intersect with cybersecurity regulations, further complicating compliance. Businesses must focus on proactive measures to meet these challenges, including strengthening supply chain security, enhancing incident response plans, and conducting regular resilience testing.

The road ahead

2025’s regulatory changes are an opportunity for businesses to build trust and operational strength. Resilience is not just a goal — it is a necessity. At Kennedys, we are committed to supporting our clients in navigating this complex landscape, turning compliance into a strategic advantage.

This article was co-authored by Joshua Curzon, Trainee Solicitor.