Cybersecurity legal and regulatory landscape

A comprehensive analysis of the legal and regulatory cybersecurity landscape in Greece

EY in Greece and Microsoft have conducted a study on the compliance challenges faced by Greek businesses in a fragmented cybersecurity regulatory landscape.

The exponential evolution of digital technology, beyond its business benefits, has also increased the complexity of cybercrime, creating additional costs for businesses to manage security risks. At the same time, digitalization is shaping a dynamically changing, yet fragmented regulatory environment, with which organizations are required to comply.

A new study by EY in Greece and Microsoft examines, for the first time, the compliance challenges associated with the current cybersecurity legal and regulatory landscape in Greece. The aim of the study is to support Greek businesses in their efforts to ensure compliance with the abundance of regulatory requirements, while successfully adapting to an ever-changing digital environment.

Facing a complex regulatory environment

The growing importance of cybersecurity has led governments and supranational organizations, such as the European Union, to introduce specialized regulations and laws. These measures have made compliance and systematic monitoring of companies' obligations an increasingly complex task.

For the first time in the Greek market, the study attempts a comprehensive analysis of the current national and European cybersecurity legal and regulatory landscape. It presents a detailed overview of European Directives, such as NIS, NIS II and CERD, as well as the main legislative acts on cybersecurity in Greece (Law 4577/2018, Law 4961/2022). The study also explores their scope of application and outlines the necessary steps for Greek businesses to achieve compliance with these regulations.

In line with the developments in the EU, Greece has adopted the National Cybersecurity Strategy (2020-2025) and has actively taken measures to enhance the country’s level of information security. The National Strategy includes a clear action plan for the National Cybersecurity Authority and highlights the gradual progress made by Greek public bodies in implementing coherent cybersecurity governance policies, enforcing regulations, and overseeing the private sector.

As part of the EU Cybersecurity Strategy framework, the European Union has already adopted the Cybersecurity Act and the sectoral Digital Operational Resilience Act (DORA) for the financial sector, which are directly applicable in Greece.

The overall legal and regulatory landscape aims to strengthen the resilience of organizations across all sectors and industries against cyber threats, thereby reducing overall cybersecurity risk. However, ensuring compliance with the expanding requirements poses additional challenges for businesses, including the need for management efforts, time, cost, and the development of skills, talent, and training.

Increased digitalization leads to increased compliance challenges

To further explore these challenges, the study features a survey conducted on a sample of cybersecurity professionals from large Greek companies, operating in various sectors of the economy, such as financial services, energy, telecommunications, and the public sector.

The main sources of these compliance challenges can be derived from the following four areas:

  • Fragmentation of the regulatory and legislative landscape
  • Organizational and administrative concerns
  • Management of third-party compliance
  • Availability of talent and skills to effectively manage cybersecurity compliance

The survey revealed that
of the companies that provided feedback acknowledge that the country’s cybersecurity regulatory framework is fragmented and requires immediate and significant changes.

Additionally, the findings showed that 54% of Greek businesses consider the management time and costs required to ensure regulatory compliance to be a burden on their business. Moreover, eight out of ten businesses appear to face difficulties in finding the human resources needed to effectively manage compliance challenges. At the same time, only 27% of businesses claim to have a clear overview of how they manage third-party compliance risks, and only one in ten respondents (13%) strongly agrees that their business has the appropriate technological controls in place, as well as the relevant tools to ensure ongoing compliance with current cybersecurity regulations.

Separately, in terms of third-party management, the majority of respondents agree that increased dependency on third parties may pose a significant compliance risk, as their overall maturity may vary, while there is a high degree of uncertainty on whether their respective organization has a clear view and control over the relevant third parties in order to properly manage the associated compliance risks.

An integrated approach by EY and Microsoft to manage cyber compliance challenges

In this challenging environment, EY and Microsoft have forged a robust strategic partnership to offer integrated cybersecurity services for businesses across various sectors and industries. EY in Greece provides business and technology consulting services, while Microsoft offers innovative security and Cloud solutions. Together, they aim to assist Greek businesses in managing and addressing the challenges associated with digital transformation and safeguarding their digital infrastructure, while also ensuring regulatory compliance.

Download the full version of the EY-Microsoft study, in English

Summary

A new study from EY and Microsoft focuses on understanding the needs of Greek businesses in ensuring security in cyberspace and protecting their digital infrastructure, while also complying with a dynamically changing and fragmented regulatory environment.