TSMC Reports Strong Growth in Sales and Profits in Q1
Taiwan Semiconductor Manufacturing Co (TSMC) recorded growth in profit and sales in the first quarter of 2025.
Right now, throughout the European Union, legal representatives of categorized companies are considering the content of categorization decisions following national laws on cybersecurity and related legal acts. The questions are numerous: What are our legal deadlines? Are we categorized as a key or important entity? Who will prepare the documentation? How much will it cost us?
However, rarely does an organization ask itself the key question: is our organization even ready to change this level? Because the Cyber Security Act is not just a compliance obligation – it is a systematic transformation. And as with any transformation – without a strategically managed change management process, all further steps become operationally risky and organizationally unsustainable.
True Compliance Begins Before Technology
Analogous to capital management, where market analysis is first conducted, an investment strategy is defined, and a risk management structure is set, so in this case, the technical solutions come after strategic preparation. Appointing a CISO, implementing a SIEM system, and creating recovery and business continuity plans – these are all necessary but secondary steps. The first step is to create organizational awareness and management will. In other words, change management as a prerequisite for the implementation of the Act.
Change management: A strategic discipline, not an operational task.
Change management is not just a "soft" aspect of transformation. It is, at its core, a project of human, organizational, and communication risk management. In the context of cybersecurity, it has five clearly defined dimensions:
Sponsorship at the highest level - changes at this level do not succeed without clear, loud, and visible support from top management. Management must not only be a signatory of acts – it must be a spokesperson for change, a key communicator, and a patron of resources. Without leadership, compliance becomes a formality.
Stakeholder identification and influence map – in every organization, there is a complex network of influences – formal and informal. Successful change management knows who the key allies are, who the potential resistors are, and how to engage them. Cybersecurity is not the responsibility of just one team – it is an interdisciplinary challenge that requires cooperation between IT, legal, human resources, audit, and business lines.
Strategic communication with the aim of changing behavior - education and information are not synonymous. Change does not happen because someone is "familiar", but because they are involved and motivated. Messages about the importance of safety must be clear, tailored to different target groups, and geared towards the specific risks and benefits for each actor.
Capacity for learning and empowerment - systems are only as powerful as the competent people who use them. Change management involves building long-term capacities through systematic education, the development of internal security ambassadors, and the creation of an environment in which learning is not a one-time activity but a business habit.
Measuring, feedback, and managing resistance – every change causes resistance – and not just because of reluctance, but because of uncertainty, overload, or ambiguity. A successful approach involves setting up success indicators, feedback systems, and mechanisms for quickly identifying and resolving obstacles.
Cyber resilience is not a function of IT but of culture
In 2025, cybersecurity management will cease to be a task of a single function. This becomes part of enterprise risk management, reputation management, and business strategy. Ultimately, the question for each Management is: Do we have not only the tools but also the people, structures, and mindset to implement this change?
Without changing the way of thinking, behaving, and communication within the organization – all plans and technical solutions remain vulnerable. In such an environment, even the best firewall cannot protect an organization from the most dangerous vector: the human factor.
The real challenge of the Cybersecurity Act is not just its implementation, but its institutionalization – its rooting in the way the organization functions, communicates and makes decisions. And a project plan is not enough for that. It takes leadership, dedication, and change management.
This is where real security begins.
Više vijesti iz kategorije
US Court Finds Google Holds Illegal Ad Tech Monopolies
The district court in Virginia decided that Google illegally dominates two online advertising markets.
Intel Sold Majority Stake in Altera for $4.46 Billion
Intel offloaded a 51% stake in its programmable chip business, Altera, to private equity firm Silver Lake.
