Online activity has soared in the wake of the pandemic, and much of it, like ecommerce shopping and telemedicine, is expected to remain elevated even as we exit the health emergency. This new reality has made cybersecurity and compliance top-of-mind issues for business leaders, with organizations around the world making them priorities to keep customer and partner data safe. Although cybersecurity and compliance are global matters, the landscape of each looks different depending on the market, and those differences shape how organizations approach both.
In this blog, we compare the EMEA (Europe/Middle East/Africa) market to the U.S. in the context of compliance, data privacy, and threats to cybersecurity.
Compliance in EMEA vs the U.S.
When it comes to compliance in EMEA vs the U.S., there is a marked difference as to what, or who, leads in creating standards: regulatory agency vs industry. In EMEA, regulatory bodies tend to guide compliance. Whether it’s the European Union (E.U.) that draws up and approves rules like GDPR (General Data Protection Regulation), or the Information Commissioner’s Office (ICO) in the UK, some type of government-driven regulatory body usually leads the way.
In the U.S., compliance standards are often left to industry councils or associations. These include:
- PCI DSS – The Payment Card Industry Security Standards Council (PCI SSC) was formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. with the goal of managing the ongoing evolution of the PCI DSS (Payment Card Industry Data Security Standard).
- SOC – SOC (System and Organization Controls) is a family of attestation reports defined by the AICPA (American Institute of Certified Public Accountants) and issued by independent CPA firms. In 2021, SOC 2 was the most widely requested audit across cybersecurity, IT, quality assurance, internal audit, finance, and other functions.
- HITRUST – In collaboration with healthcare, technology and information security organizations, HITRUST established the HITRUST CSF: a certifiable framework that harmonizes requirements from standards and regulations such as the ISO/IEC 27000 series and HIPAA, so that one assessment can demonstrate compliance with several of them.
Data Privacy in EMEA vs the U.S.
The presence (or lack thereof) of regulatory bodies has had implications for data privacy across Europe and the U.S. In 2016, the European Parliament and the Council of the European Union adopted the GDPR, which became enforceable on 25 May 2018 and protects the personal data of individuals in the E.U. Because the regulation applies to any organization that processes that data, wherever the organization is located, and carries penalties of up to 4% of global annual turnover or €20 million, whichever is higher, companies all over the world had to alter how they do business to avoid stiff fines.
But the U.S. has not instituted a comprehensive, federal data privacy protection framework for all of its citizens (although one could be on the horizon). Instead, individual states such as California, Colorado, Connecticut, and Virginia have passed their own privacy laws, and other states are considering legislation in response to demand from their residents. This piecemeal approach is likely to continue as states attempt to pass data privacy protections in the absence of comprehensive federal legislation, leaving businesses to map their controls against a patchwork of overlapping but non-identical state requirements.
Cyber Threats in EMEA vs the U.S.
Unfortunately, one of the areas where EMEA and the U.S. are in lockstep is the threat landscape. Both regions are seeing record numbers of cyberattacks as more activity moves online and into cloud environments.
According to Check Point Research, North America experienced the fewest attacks of any region in 2021, at 503 weekly per organization. But that figure is up a whopping 61% from the year prior. At the other end of the spectrum, Africa experienced the highest volume of attacks in 2021 (nearly 1,600 a week per organization), up 13% from 2020. Europe experienced 670 attacks weekly per organization, a 68% increase. An official E.U. report lists the top threats to cybersecurity as:
- E-mail related threats
- Threats against data
- Threats against availability and integrity
- Disinformation and misinformation
- Non-malicious threats (breaches triggered by human error or misconfiguration rather than an attacker)
- Supply-chain attacks
European organizations are playing catch-up to their American counterparts when it comes to fortifying their defenses against cyberattacks, which could explain why European organizations experience 33% more cyber incidents. A 2020 study of cybersecurity spending found that E.U. organizations allocate on average 41% less to cybersecurity than their U.S. counterparts. However, an IDC report published in 2021 predicted that European IT security spending would grow 8.3% in 2021, signaling both an acknowledgment of the rising threat and a commitment to addressing it.
As for the Middle East, research from cybersecurity firm Kaspersky shows that malware attacks in the region are becoming widespread: 161 million attacks were recorded, up 17% from the previous year's figure of 138 million. Oman, Kuwait, Bahrain and Egypt saw increases of 67%, 64%, 45% and 32%, respectively. Qatar and the United Arab Emirates (UAE) came in at the lower end of the range, with increases of 16% and 7%.
According to PwC, 58% of organizations in the Middle East are increasing cybersecurity spend in 2022, up from 43% in 2021 as they attempt to protect their systems and sensitive information from growing malicious threats.
Trust A-LIGN for EMEA Cybersecurity & Compliance
A-LIGN is a global leader in cybersecurity & compliance. We’re experienced in helping EMEA clients achieve all the regulatory compliance necessary to do business, and also strengthen their cybersecurity posture. From SOC 2 audits to ISO 27001 compliance to GDPR gap assessments, we’re a partner you can trust.
Contact A-LIGN to learn more about how we can help your EMEA business achieve compliance.