Blog

NIS2 Is Intended to Make Organizations More Secure, but Will It Succeed?

NIS2 aims to enhance cyber resilience among EU organizations, but many member states have yet to implement it into national law ahead of the October 2024 deadline. An expert roundtable highlighted the varied progress, with countries like the Netherlands facing challenges due to bureaucratic delays. Compliance is viewed as necessary for security, yet many organizations remain reactive rather than proactive. There’s concern about the capacity of CERTs to support compliance efforts. Overall, while NIS2 could foster better security practices, the path to complete implementation remains complex and costly.

https://www.techzine.eu/blogs/security/133821/nis2-is-intended-to-make-organizations-more-secure-but-will-it-succeed/

AI Vibe Coding Meets Its Match in Flow Defending

Enterprises face a cybersecurity crisis due to rapid software development outpacing vulnerability patching, exacerbated by AI technologies. Exploits can occur within hours of vulnerability disclosure, while patching timelines stretch from 38 to over 150 days, increasing breach costs. A new approach, “flow defending,” is essential, distributing automated vulnerability management throughout the software development life cycle (SDLC) to enhance speed and efficiency, minimize risks, and align security metrics across teams.

https://www.scworld.com/perspective/ai-vibe-coding-meets-its-match-in-flow-defending

Guiding Cybersecurity Compliance: An Ontology for the NIS 2 Directive

NIS2Onto is an OWL ontology designed to translate the NIS 2 Directive into a structured format, facilitating cybersecurity compliance by automating verification processes and supporting risk assessments. It interprets legal language into actionable security measures for diverse stakeholders. The article evaluates NIS2Onto through metrics and a practical case study, highlighting its effectiveness in aiding compliance and understanding complex legal texts. Future work includes extending its application and integrating it with other regulatory frameworks. Overall, NIS2Onto aims to enhance cybersecurity governance by providing a comprehensive compliance tool aligned with European Union directives.

https://www.sciencedirect.com/science/article/pii/S0167404825003062

Business Cybersecurity Tips to Align With EU Regulatory Compliance

EU cybersecurity regulations have intensified, affecting how businesses manage cyber risk. Directives like NIS2 and the Cyber Resilience Act require companies to adopt structured risk management, ensure operational resilience, and involve all departments in compliance. Key regulations include the GDPR, which mandates data security, and updated laws targeting digital products and services. Effective compliance hinges on governance, technical security, incident response, employee training, and thorough documentation. Businesses can enhance efficiency and gain competitive advantages through robust cybersecurity practices.

https://business-review.eu/tech/business-cybersecurity-tips-to-align-with-eu-regulatory-compliance-287524

What’s the Right Number of AI Projects? It Depends.

The number of AI projects varies by enterprise, influenced by goals, budget, readiness, tech stack, and workforce. Companies average 21 AI projects, but there is no definitive optimal number. Leaders should assess alignment with business objectives, prioritize high-ROI projects, and avoid overspending. Many firms are consolidating AI initiatives amid cost pressures and market volatility, focusing on effective use cases while trimming ineffective ones.

https://www.ciodive.com/news/enterprise-AI-project-sprawl-bloat-expansion-spending/757604/

AI FAQ Series

AI regulation encompasses laws and guidelines for AI development, ensuring safety, ethics, and privacy. Pre-existing and specific laws govern AI use, including the EU AI Act. States are enacting AI laws on ownership, liability, and biases. Ethical responsibilities involve transparency, accountability, and bias mitigation. Compliance requires explaining AI processes and integrating human oversight. Privacy laws impact AI data handling and deletion requests. Ongoing lawsuits may affect AI deployment and liability, necessitating alignment with legal developments.

https://www.orrick.com/en/Insights/2025/08/AI-Regulation-Are-There-Regulations-on-AI-AI-FAQ-Series

As Privacy Policy Heats Up, Lawmakers Should Heed Gen Z’s Preferences

Lawmakers should consider Gen Z's preferences in data privacy debates. While current frameworks like GDPR and U.S. privacy laws expect users to avoid data collection, younger generations embrace personalization and targeted ads for convenience. Gen Z is more comfortable sharing data in exchange for improved experiences and values consent over complete data restriction. This suggests a need for privacy tools that empower users rather than stringent regulations. Solutions like tiered consent systems and self-sovereign identity could align better with the digital habits of younger users, encouraging innovation while respecting their preferences.

https://www.techpolicy.press/as-privacy-policy-heats-up-lawmakers-should-heed-gen-zs-preferences/

Gen AI Present and Future: a Conversation With Meerah Rajavel, CIO at Palo Alto Networks

Palo Alto Networks' CIO Meerah Rajavel discussed using AI for innovation and cybersecurity, emphasizing its dual role in enabling secure AI use and combating AI-driven threats. The firm is seeing an increase in sophisticated attacks due to Gen AI, necessitating AI for real-time detection and response. Internal initiatives like the “AI Mastermind Challenge” foster creativity, leading to significant improvements in operations, such as automating IT support processes. The evolving threat landscape includes not just new threats but mutations of existing ones, and AI's potential to enhance efficiency and create new roles is also highlighted. Companies beginning their AI journey should prioritize simple, repeatable use cases that demonstrate clear value and ensure security.

https://greylock.com/greymatter/gen-ai-present-and-future-a-conversation-with-meerah-rajavel-cio-at-palo-alto-networks/
