3182: Fortinet and the Future of Cyber Resilience

In today’s episode, I welcome Ricardo Ferreira, EMEA Field CISO at Fortinet, to discuss how the UK's proposed Cybersecurity and Resilience Bill compares to the EU's NIS2 directive. Ricardo brings a wealth of experience in cybersecurity strategy and regulation, and he shares why he believes the UK's bill is missing key components that could make it truly effective.

With Brexit allowing the UK to take an independent approach, Ricardo argues that there is a unique opportunity to cherry-pick the most effective elements from NIS2 while avoiding its potential pitfalls. But is the current bill providing enough clarity?

 Ricardo highlights how the legislation introduces buzzwords like "digital supply chain" without actually outlining a clear path for addressing cyber threats. In contrast, NIS2 lays out a prescriptive approach that includes risk profiling, supply chain security frameworks, and post-breach recovery strategies.

We also explore the growing need for board-level accountability in cybersecurity. Should executives and directors be held personally responsible for cyber resilience within their organizations? And how can governments ensure that businesses have both the guidance and incentives to proactively address security risks rather than reactively scramble to contain breaches?

With cyber threats only growing more sophisticated, the role of regulation in mitigating risk has never been more important. But does the UK's current legislative approach go far enough? And what lessons can be learned from international frameworks like NIS2?

Tune in for an insightful discussion on the future of cybersecurity policy, where it’s headed, and what needs to change to create truly resilient digital infrastructures. As always, I’d love to hear your thoughts—how should governments balance regulation with innovation in cybersecurity?