We just released a blog post around NIS2, an upcoming new regulation in the European Union that is very close to SEC and GDPR. Every business in scope will be required to report incidents to the relevant national bodies within a timeframe of 72 hours.
https://www.lacework.com/blog/in-prep-for-nis2-cybersecurity-requirements/
Reporting an incident requires the capability of detecting them. CSPM is not detection, CWPP and UEBA are.
There are other interesting regulations that will follow (CRA - Cyber Resilience Act) that require more efforts in vulnerability management (e.g. CRA recommends SBOM).
Agent
N/A
Platform
Using Lacework/Operationalizing
Cloud
N/A