Mr. Brian Honan:

This is something that will be coming. We see the EU doing a lot in this regard. Next January, the EU Digital Operation Resilience Act will come into play. This will ensure entities in the financial sector, such as credit unions and banks, will all have to meet cybersecurity standards and their supply chains will also be included. The cyber resilience Act, known as the CRA, will come into effect in approximately three years' time. Under this legislation, any digital device will have to meet a minimum level of standard from a cybersecurity point of view to be sold in the EU. If I want to develop a new digital product and sell it in the EU, it will have to meet certain minimum level of cybersecurity.

It is very similar to the safety standards we see on the products we buy. There is going to be a cyber equivalent of that three years from now. As the National Cyber Security Bill, the Digital Operational Resilience Act and other Bills comes through, the tide will gradually rise and all firms will have to comply with these measures to improve cybersecurity generally. I wonder how many companies would take cybersecurity seriously without this regulation coming in.