Global Cybersecurity Outlook 2025

Page 27 of 49 · WEF_Global_Cybersecurity_Outlook_2025.pdf

Regulation serves as an important driver of cyber resilience, with 78% of CISOs and 87% of CEOs surveyed identifying the primary motivations for implementing new cyber-related regulations to be improving their organization’s security posture and mitigating cyber risks. In dealing with systemic ecosystem risk, CISOs affirm the relevance of regulations in imposing minimum requirements on the cybersecurity of organizations, which helps reduce risk and increase customer trust. At the same time, two-thirds of respondents to the GCO survey indicated that proliferation of cyber regulations worldwide adds significant complexity, with businesses having to navigate an increasingly fragmented landscape of regional and global compliance requirements.

Reinforcing ecosystem resilience through regulation

FIGURE 11: The effect of regulation in reducing organizational cyber risk. Share of respondents who agree that "Cyber and privacy regulations are effective in reducing my organization’s cyber risks", by year (2022, 2023, 2024, 2025). Data labels shown on the chart: 39%, 61%, 78%, 73%.

In the European Union, the NIS2 Directive significantly raises the bar for cybersecurity standards, requiring enhanced incident reporting, stricter supply chain oversight and increased accountability for boards of directors. Across the Atlantic, the United States is enforcing CISA’s Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), mandating the prompt disclosure of cyber incidents. In the Asia–Pacific region, countries such as Japan and Singapore are strengthening their cyber laws, with Japan’s Act on the Protection of Personal Information (APPI) and Singapore’s Cybersecurity Act reinforcing compliance for critical infrastructure operators. Additionally, initiatives such as the Digital Operational Resilience Act (DORA), the EU’s General Data Protection Regulation (GDPR), Nigeria’s Data Protection Regulation (NDPR) and Brazil’s General Data Protection Law (LGPD) extend regulatory scrutiny across sectors and borders.
While these legal frameworks mandate important cybersecurity practices, they also introduce challenges, such as managing overlapping requirements, achieving compliance in multiple jurisdictions and addressing varied enforcement timelines. The line between regulated and unregulated sectors further complicates resilience, as industries with weaker oversight become conduits for attacks on more fortified entities. Organizations must adopt holistic risk-management approaches, align cybersecurity with governance structures and promote cross-border collaboration to thrive in this increasingly regulated landscape.