The Cyber Resilience Act (CRA) is a first of its kind legislation that will provide a baseline cybersecurity standard for products with digital elements within the European Union. The CRA will address two key issues; products with digital elements manufactured with low levels of cybersecurity leading to widespread vulnerabilities and users having an insufficient knowledge of product cybersecurity to use it in a secure manner. The CRA is a horizontal legislation, this means it will cover a broad range of products across many sectors, including any product with hardware or software components sold in the EU.

The CRA is an important consideration for many businesses developing new products and to ensure old products meet the new standards. The CRA is moving very quickly through the EU legislative process and is expected to be finalised by Q2 of 2024. This means now is the time to start thinking about your business’s compliancy journey for the CRA.

The Digital Operational Resilience Act (DORA) is a new EU wide legal framework affecting financial entities such as banks, insurance companies and investment firms that will come into force in 2025. The financial sector is now inextricably linked to the cyber world, with this comes new and evolving risks and vulnerabilities. DORA aims to increase cyber resilience in the financial sector by creating detailed criteria all financial entities must adhere to in specific areas including ICT risk management, digital operational resistance testing and information sharing.

The date by which DORA must be adhered to is fast approaching and many financial entities will need to make changes to their current ICT landscape and operations. CCL offers tools, consultancy and expertise to help implement DORA criteria smoothly and effectively.

The Network and Information Security (NIS) Directive was the first EU wide cybersecurity directive, it helped to increase cybersecurity standards across Member States and whilst it was successful in some areas, implementation was difficult. NIS2 has been proposed to build on the foundation of NIS, this new directive covers more sectors, introduces stricter supervisory measures and enforcement requirements as well as address security of supply chains. This means businesses that came under NIS will need to update their cybersecurity protocols and businesses in sectors that did not fall under NIS but do under NIS2 will need to ensure they are compliant.

The date by which NIS2 compliance must be in place has been set, 17th October 2024. This deadline is fast approaching and so it is imperative that businesses begin the compliancy process as soon as possible. Cyber Cert Labs is here to help make your transition from NIS to NIS2 as smooth as possible, as well as help businesses from the new sectors ushered in under NIS2 to build a new compliancy policy.

We blend cutting-edge Artificial Intelligence, graph databases, and data science with battle-tested frameworks like MITRE ATT&CK and D3FEND to help you create accurate cyber-attack simulations.

Identify high-value data sources (network flows and maps, asset inventories, cyber threat intel, security event information and IAM databases) to construct your Digital Twin.

Build resilient data pipelines for automated updates, ensuring your model evolves with you changing digital environment.

Run automated attack scenarios—from ransomware to supply chain exploits—to stress-test defences.

Deliver executive-ready dashboards showing ROI on security investments, control upgrades, and incident response gaps.

We work closely with your cyber and data science teams to embed this approach into your cyber security capabilities

Developing a robust, actionable and business oriented cyber strategy is the first step in a top down approach to align cyber security capabilities with clear business objectives and goals. The strategy should assess the current cyber security capabilities, map out a desired future state and highlight the milestones to get there.

Aligned to the organisation operations risk appetite the strategy will provide the context to develop cyber security capabilities in the areas of Identify, Protect, Detect, Respond and Recover.

Managing technically complex cyber security programmes requires experience programme and project managers to manage that complexity from high level objectives all the way down to daily stand ups.

Cyber Cert Labs will work with you to provide cyber programme and project management capabilities to ensure your cyber programmes achieve their stated objectives.