A CISO's Honest Take on Regulation

cloudflare logo
Cloudflare
Dec 23, 2025
Cloudflare

Cybercriminals don't care about borders.

So why do we have 12 different regulatory frameworks for the same threat?
Olivier Busolini, Group Head of Information Security at Mashreq Bank, voiced the frustration every global CISO feels:

"In every country, I have 12 countries at Mashreq. In every country, there is a slightly different or sometimes vastly different requirement that I have to abide to."

Think about it:
When an APT attacks, they don't check if you're in Country A or Country B. When ransomware spreads, it doesn't stop at regulatory boundaries. When fraud infrastructure operates, it's global by design.

But CISOs?
We're spending massive resources proving compliance with fragmented requirements instead of actually defending against the threats.

The ask is simple: Every regulator has the same objective—protect the country, protect citizens, protect the market.

Why can't we harmonize the controls?
Hear more about the real challenges facing global security leaders in our 2025 Year in Review.

Tune in now:
👉 Spotify: https://open.spotify.com/episode/3oT4iuRJDyrCeBClmnn1Bv
👉 Apple Podcasts: https://podcasts.apple.com/us/podcast/cybersecurity-predictions-2026-what-security-leaders/id1798438916
👉 YouTube: https://youtu.be/cWtNJq3C2Zc

Copyright © 2026 OpsMatters™. All rights reserved.