Dave Atkinson is CEO and Founder of SenseOn, a vendor of tools that automate threat detection and streamline security operations.
Q: Are we seeing regulatory frameworks be more demanding of effective levels of detection and response now?
Yes, we are absolutely seeing this. DORA, for example, sets a high bar, emphasising the importance of rapid visibility and seamless response across network, endpoint, and user activities to ensure incidents are managed comprehensively and proactively.
This shift in compliance requirements signals a clear call for organisations to adopt tools that not only provide unified visibility but also reduce the complexity of multi-layered security setups. It’s about moving toward a security posture that is agile and integrated, capable of addressing threats swiftly while aligning with rigorous regulatory standards.
Q: What do you think has caused this change?
Regulators are responding to the rising sophistication and frequency of cyber-attacks. These attacks can have far-reaching impacts, and the complexity of existing security systems often creates visibility gaps, leading to slower response times and escalating costs.
To address these risks, regulatory bodies now require streamlined tools and processes that provide real-time, comprehensive visibility into the security landscape, allowing for faster containment and effective recovery.
Q: Do you think overall that businesses are getting better at detecting attacks and threats, and being able to respond in a timely manner?
Larger firms are generally better positioned to detect and respond to attacks and threats as they have more established infrastructures and resources. Many large firms already comply with stringent security frameworks, such as SS2/21 and ISO27001, which means they likely already have DORA-mandated risk management and assessment controls in place.
A McKinsey report shows that 94 percent of large multi-national financial organisations are actively working to understand DORA’s requirements, although many may still struggle to meet the February deadline.
Smaller firms, on the other hand, often lack resources such as a dedicated security operations centre (SOC) or comprehensive security teams. For them, compliance with DORA - and by extension, improving their ability to detect and respond to threats - relies heavily on achieving rapid visibility through simplified security management. This highlights a gap in preparedness between larger and smaller firms when it comes to timely threat detection and response.
Solutions that consolidate and automate data are helping bridge this gap, enabling faster and more efficient responses with fewer resources. However, traditional, layered security stacks still create visibility gaps - highlighting the need for unified tools that bring all security data together, so teams can detect and respond to threats in real time.
Q: What should a timely response be - are we getting clear guidance from regulatory frameworks?
Timely response expectations are becoming more stringent, and DORA is one of the frameworks setting clear benchmarks: an initial report within 24 hours of an incident, a more detailed follow-up report within 72 hours, and a final report within one month.
While these guidelines provide specific timelines, meeting them requires seamless access to data across networks, endpoints, and user activities. Without this level of integrated visibility, organisations can struggle to gather and report necessary details within DORA’s tight windows.
To address this, many are adopting solutions that unify security data, streamline incident response, and ensure that all information needed for reporting is readily accessible. Such tools allow organisations to take action within the specified timeframe, reducing risk and strengthening compliance. The guidance is there, but the capability to respond effectively often depends on having the right technology in place.
Modern security tools also now leverage AI that mimics how human analysts act and think when responding to alerts, reducing the burden on security teams. These solutions assess the severity and relevance of grouped events, surfacing only those likely to indicate a genuine threat. In critical scenarios, such as ransomware attacks, some solutions can even automate containment actions, like isolating compromised devices, to prevent the spread of the threat. This ensures a timely and effective response, aligning with regulatory expectations for operational resilience.
Written by Dan Raywood, Senior Editor, SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.