Implications of cyber incident reporting obligations on multinational organizations headquartered in Switzerland
Open access
Date
2024Type
- Journal Article
ETH Bibliography
yes
Altmetrics
Abstract
As the digital landscape evolves, states are increasingly implementing national cyber incident reporting obligations to enhance cyber resilience. This study investigates the implications of these obligations on multinational organizations, focusing on the variability of compliance requirements across jurisdictions and the challenges faced by companies in adhering to these diverse regulations. Through the methodological approach of conducting interviews with cybersecurity experts across various sectors, this study points out the growing complexity in cybersecurity incident reporting obligations. Findings reveal that companies employ multiple strategies to report to regulators, monitor regulatory changes, and educate employees responsible for reporting. However, maintaining compliance is identified as a significant challenge across all sectors, leading to calls for the standardization of regulations and the improvement of automation solutions. Given the lack of research in this area, this work lays the groundwork for future research, opening new avenues for investigation into the potential standardization and automation of cyber incident reporting processes. Show more
Permanent link
https://doi.org/10.3929/ethz-b-000695876Publication status
publishedExternal links
Journal / series
International Cybersecurity Law ReviewPublisher
SpringerSubject
Cyber incident reporting; Multinational corporations; Compliance; Cybersecurity strategiesOrganisational unit
09775 - Zimmermann, Verena / Zimmermann, Verena
More
Show all metadata
ETH Bibliography
yes
Altmetrics