What happens when a country aims to carve its own cybersecurity regulatory path post-Brexit while the rest of the region moves toward harmonized frameworks like the EU’s NIS2 directive? In this episode of The Business of Cybersecurity Podcast, we unpack the evolving conversation around the UK’s Cyber Security and Resilience Bill with Ricardo Ferreira, Field CISO at Fortinet.

Ricardo offers a sharp, comparative analysis between the UK's proposed bill and the EU's more prescriptive NIS2 directive. He explains why the UK's current approach lacks the specificity needed to tackle critical issues like supply chain security, board-level accountability, and sector-specific risk frameworks. While the UK’s legislative draft includes promising buzzwords and broad commitments, Ricardo notes that it falls short on actionable guidance and enforcement mechanisms—areas where NIS2 has already set a clearer precedent.

But amid these gaps lies a strategic opportunity. Ricardo discusses how the UK can leverage its regulatory independence to selectively adopt the most effective elements from NIS2, crafting a more agile and industry-friendly cybersecurity framework. He highlights the importance of involving diverse stakeholders—from industry bodies to international partners—in shaping regulation that’s both resilient and responsive to evolving threats.

The conversation also explores:

• The importance of making board members directly accountable for cybersecurity risk
• Why workforce training must be mandated alongside technical requirements
• Lessons from NIS2 on post-breach response and business continuity planning
• The need for advisory committees and continuous legislative updates to keep regulation relevant in an AI-driven threat environment

Ricardo closes the episode with a personal story about how visionary leadership early in his career helped shape his trajectory—reminding us that real resilience is built not just through technology or regulation, but through people who see potential and invest in it.

If you're navigating cybersecurity compliance, policy development, or executive accountability, this episode is a timely and thought-provoking listen.