Platform Update: Regulatory Library, NCA ECC, and Construction Industry Support

6-minute read | Published February 2026

We have been busy at RateYourCyber and just rolled out a significant update to the platform. It adds three new capabilities that address questions we hear constantly from the organisations we work with.

Here is what is new and why it matters.

Regulatory Library

One question comes up more than almost any other: what regulations actually apply to us?

Most organisations either overestimate their obligations, underestimate them, or simply do not know. It is not a failure of competence. The regulatory landscape is genuinely complex. Requirements overlap. Sector-specific rules sit alongside broad data protection laws. And the answer changes depending on where you operate, who your clients are, and what data you handle.

We built a regulatory library that brings together requirements across cybersecurity, HR security, physical security, privacy, and business continuity. It filters by your location and industry so you see what is relevant to your organisation, not a generic list of every regulation that exists.

Coverage currently spans the UK, EU, and US, from GDPR and DORA to sector-specific rules in financial services, healthcare, and critical infrastructure. Each regulation includes a link to the source legislation, a plain-English explanation of what it requires, and context on why it matters to your particular type of organisation.

The goal is not to replace legal advisors. It is to help you walk into those conversations informed rather than guessing. Knowing which regulations apply to you before you sit down with a consultant or auditor saves time, reduces cost, and leads to better outcomes.

NCA Essential Cybersecurity Controls (ECC)

If you work with organisations in Saudi Arabia or are planning to enter the market, this one is important.

NCA ECC framework mapping within the RateYourCyber compliance dashboard

The National Cybersecurity Authority's Essential Cybersecurity Controls framework is required for many government entities and critical infrastructure organisations in Saudi Arabia. It is increasingly expected across their supply chains too. If you are bidding on contracts or providing services to regulated Saudi entities, demonstrating alignment with the ECC is becoming a practical necessity rather than a nice-to-have.

The framework covers 108 controls across five domains: cybersecurity governance, cybersecurity defence, cybersecurity resilience, third-party and cloud cybersecurity, and industrial control systems cybersecurity.

We now map your current security posture against all 108 controls. The platform highlights your gaps, prioritises what to fix first based on risk and effort, and tracks your progress as you work through improvements.

No spreadsheets. No trying to interpret the framework documentation on your own. You complete your assessments on RateYourCyber and the ECC mapping updates automatically based on your actual security controls.

Construction Industry Support

Construction companies are being targeted by cyber attacks far more than most people realise.

The industry has changed. Job sites now run connected equipment and IoT sensors. Project files contain sensitive architectural designs, engineering specifications, and commercial contracts. Supply chains involve dozens of subcontractors, each with varying levels of security maturity. And margins in construction are usually too tight to absorb a serious cyber incident without significant damage to the business.

Ransomware groups have noticed. Construction firms often hold time-sensitive project data that makes them more likely to pay. Phishing attacks target project managers and quantity surveyors who regularly exchange large files and payment instructions with external parties. Business email compromise targeting payment diversions is particularly effective in an industry built on subcontractor invoicing.

The problem with most cybersecurity tools and frameworks is that they were built around how technology companies operate. The advice assumes you have an IT department, a controlled network perimeter, and employees who sit at desks. Construction does not work that way.

We now include construction-specific benchmarking, risk profiles, and remediation roadmaps built around how construction firms actually operate. The assessments account for site-based working, mobile workforces, subcontractor access, project-based data lifecycles, and the specific threat patterns that target the sector.

Why This Matters

Regulation is increasing. Clients are asking security questions earlier in the procurement process. Insurers want evidence of security controls, not promises that things are being handled.

These are not trends that are going to reverse. If anything, the pace is accelerating. DORA came into force in January 2025. NIS2 implementation deadlines are passing across EU member states. The UK's proposed Cyber Security and Resilience Bill signals further tightening ahead.

We built RateYourCyber to give organisations a clear picture of where they stand and a practical path to where they need to be. Without needing a full security team. Without expensive consulting projects that deliver a PDF and disappear.

If any of these updates are relevant to your organisation, the platform is ready. Take an assessment and see where you stand.
