Ensuring organisation-wide engagement with compliance policies presents significant challenges, including overcoming employee apathy, addressing diverse learning styles, and combating the perception of compliance as a bureaucratic burden. To overcome these obstacles, legal and compliance teams must adopt a multifaceted approach. This involves tailoring communication to specific roles and departments, implementing interactive and scenario-based training that resonates with real-world situations, and leveraging technology to seamlessly integrate compliance into daily workflows.
Your software supply chain has always been a cybersecurity risk, but it is now becoming a compliance issue as well, with increased reporting requirements. The 3CX and MOVEit attacks of 2023 are just the beginning of a dramatic rise in supply chain attacks that target software development processes and third-party vendors by exploiting vulnerabilities in the software supply chain. Since then, the UK and EU’s cybersecurity regulatory landscape has evolved with the implementation of the NIS2 directive and the EU’s DORA framework. From contractual safeguards required with vendors and clear liability and indemnification clauses for security breaches, to comprehensive incident response plans and clear communication protocols with relevant stakeholders, legal and compliance leaders must now be able to prove to regulators that effective protections and response plans are in place in the case of cybersecurity exposures.
Check out the incredible speaker line-up to see who will be joining Loretta.