The evolution of regulatory assessments: Building cyber and operational resilience

Regulatory assessments such as CBEST, TBEST, TIBER, iCAST, and CORIE, are more than just tick box exercises to remain compliant. By assessing organizations in realistic, threat-intelligence-led attack simulations, they present an opportunity to build defensive capability and minimize the disruption to core business services from a cyber attack. Regulatory frameworks currently apply to financial institutions, telecoms providers, governmental bodies, and the civil nuclear sector. It is expected that yet more critical industries will adopt them. This guide is designed to help such organizations maximize the value they gain from regulatory assessment by: Showing how they can use the output of regulatory assessment to drive improvements in defensive capability and cyber resilience. Explaining the activities they may undertake to build defensive capability before and after a regulator-led assessment. Demonstrating how regulators themselves apply lessons learned from assessments to develop their testing frameworks in line with evolving attacker techniques and motivations. Predicting how regulatory assessments will continue to evolve in the future to drive further cyber resilience in critical industries