
Cyber Crossroads 2025: How DORA, NIS2, and SEC Rules Are Reshaping Third Party Cyber Risk Management
About this listen
In this episode of The Third Party Risk Institute Podcast, we take a deep dive into the three landmark regulations set to redefine cybersecurity and third-party risk management (TPRM) in 2025:
- DORA (EU Digital Operational Resilience Act) – binding requirements for financial institutions and ICT providers, including detailed vendor contract clauses, unrestricted audit rights, and concentration risk analysis.
- NIS2 Directive – expanding cybersecurity obligations across 18 critical sectors with strict incident reporting timelines, supplier security expectations, and senior management accountability.
- U.S. SEC Cybersecurity Disclosure Rule – requiring public companies to disclose material cyber incidents within four days and to report annually on vendor cyber risk management practices.
Together, these regulations signal a global shift: cyber resilience and third-party risk oversight are now board-level imperatives.
What we cover in this episode:
• Key contract clauses and due diligence steps required by DORA
• How NIS2 expands supply chain risk accountability beyond finance
• Why SEC rules make vendor cyber incidents investor disclosures
• Practical ways to embed vendor oversight into enterprise risk programs
• Actionable steps for CROs, CISOs, and TPRM teams to stay compliant
You’ll walk away with practical guidance on:
• Performing a regulatory gap analysis across DORA, NIS2, and SEC rules
• Updating vendor contracts with notification, audit, and cooperation clauses
• Building a structured supply chain security program aligned with ISO 27001 and NIST CSF
• Preparing disclosure processes and templates to meet SEC 8-K reporting deadlines
• Using certifications like C3PRMP to build in-house expertise and demonstrate readiness
This episode is essential listening for:
• Chief Risk Officers, CISOs, Vendor Risk Managers, and Procurement Leaders
• Cybersecurity, Compliance, and Audit Professionals
• Board Members and Executives overseeing enterprise resilience
By embracing these regulatory changes, you won’t just avoid penalties; you’ll strengthen trust, enhance resilience, and gain a competitive edge in today’s interconnected economy.
🎧 Enjoying the podcast?
Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com
📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.
📬 Have a question or topic you'd like us to cover?
Email us at: info@thirdpartyriskinstitute.com