NIS2 Directive: New Rules on Cybersecurity of Network and Information Systems

The NIS2 Directive strengthens EU cybersecurity rules across 18 sectors, requiring member states to develop national strategies, manage risks, report incidents, and establish accountability. It expands coverage beyond energy and healthcare to include public services and digital platforms, and fosters cooperation and information sharing among nations through CSIRTs and networks like EU-CyCLONe. The legislation, effective from January 2023, supersedes NIS1 and aims for heightened security amid rising cyber threats. Member states must comply by October 2024.

https://digital-strategy.ec.europa.eu/en/policies/nis2-directive

EU Clarifies AI Act’s Prohibited Practices With New Guidelines

The EU has issued guidelines clarifying the prohibited AI practices under the AI Act. Key prohibitions include manipulative techniques, social scoring, risk assessments for crime prediction, untargeted facial image scraping, emotion recognition in certain settings, biometric categorization of sensitive traits, and real-time biometric identification for law enforcement. The guidelines establish legal certainty, refine definitions, and highlight the interplay with existing EU laws. Safeguards for exemptions will require impact assessments on fundamental rights.

https://natlawreview.com/article/european-commissions-guidance-prohibited-ai-practices-unraveling-ai-act

Status Check: Support Is Quickly Eroding for the EU-U.S. Data Privacy Framework

Support for the EU-U.S. Data Privacy Framework (DPF) is declining. Recent deregulation and European concerns threaten its stability. Businesses must retain their DPF certification but prepare alternative data transfer methods. Key issues include the U.S. Privacy & Civil Liberties Oversight Board's weakened status and EU warnings about the DPF's adequacy. European regulators recommend “exit strategies” due to anticipated legal challenges, and advocacy groups are pushing for reduced reliance on U.S. data services. Overall, the landscape for transatlantic data transfers is becoming precarious.

https://www.thefirewall-blog.com/2025/05/status-check-support-is-quickly-eroding-for-the-eu-u-s-data-privacy-framework/

Primary Mitigations to Reduce Cyber Threats to Operational Technology

CISA and other agencies recommend key mitigations for critical infrastructure to reduce cyber threats targeting operational technology (OT) and industrial control systems (ICS):

  1. Remove OT connections to the internet.
  2. Change default passwords to strong, unique ones.
  3. Secure remote access with private network connections and strong authentication.
  4. Document and configure remote access solutions based on least privilege.
  5. Segment IT and OT networks.
  6. Maintain the capability to operate OT systems manually.

Organizations should collaborate with service providers to fix potential misconfigurations. Regular communication and established best practices are essential for enhancing cybersecurity posture.

https://www.cisa.gov/resources-tools/resources/primary-mitigations-reduce-cyber-threats-operational-technology

CIOs Pay Too Much for Not Enough IT Security

CIOs face IT security challenges, overpaying for ineffective solutions as breaches increase. A survey reveals that 90% have experienced breaches, and half feel they have overspent on security features they underutilize. Complexity and inadequate tools hinder effectiveness. The industry is shifting towards consolidated, integrated security to simplify procurement and improve effectiveness, despite concerns over vendor lock-in.

https://www.ciodive.com/news/cios-pay-too-much-for-not-enough-it-security/747194/

States Are Passing AI Laws; What Do They Have in Common?

States are enacting AI laws influenced by the EU AI Act. Common features include disclosure of AI-generated content, use-case transparency, regulations for high-risk applications, and anti-discrimination measures. States like California, Colorado, and Utah lead in these regulations, emphasizing transparency and stakeholder compliance, with potential sanctions for non-compliance. Companies must align with these laws through governance programs, risk assessments, and ethical practices.

https://www.corporatecomplianceinsights.com/states-passing-ai-laws-what-do-they-have-common/

State of the CIO, 2025: CIOs Set the AI Agenda

CIOs are expanding their roles in AI transformation, emphasizing strategic vision and collaboration. As businesses increasingly focus on AI, CIOs are tasked with guiding organizations in leveraging AI for solving business challenges. The 2025 State of the CIO survey highlights a significant shift towards strategic responsibilities, with 41% of leaders identifying as strategic compared to 35% in 2024. Companies prioritize AI for operational efficiency and customer experience improvement, with a collaborative approach between IT and business units driving AI adoption. Despite challenges in staffing, investment in AI and digital initiatives remains strong, reinforcing the elevated status of CIOs as key business leaders.

https://www.cio.com/article/3974090/state-of-the-cio-2025-cios-set-the-ai-agenda.html

State of the CIO Survey 2025

CIOs are becoming key strategic leaders in AI, customer experience, and digital transformation. This year's survey, featuring insights from 900 IT heads, highlights a shift towards AI-driven innovation and emphasizes CIOs’ roles in aligning technology with business outcomes. Key findings include major investments in AI, a focus on overcoming talent shortages, and changing reporting structures, indicating a growing strategic influence beyond traditional IT roles.

https://www.cio.com/article/3976500/state-of-the-cio-survey-2025.html

How CISOs Can Talk Cybersecurity so It Makes Sense to Executives

CISOs must communicate cybersecurity to executives in business-relevant terms, focusing on risk, financial impact, and alignment with company goals. This involves translating cyber risks into monetary costs and potential business outcomes, avoiding technical jargon, and providing clear, concise updates. Building relationships with board members, particularly the CFO and legal chief, enhances the effectiveness of communication. CISOs should anticipate board questions and follow up with summaries post-meeting to maintain accountability and clarity.

https://www.helpnetsecurity.com/2025/05/05/ciso-talk-cybersecurity-executives/