Over the last several years, with the rise in massive data breaches, which lead to public outcry, governments have responded with ever-increasing regulatory requirements.
(This chapter is an excerpt taken from Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers, Second Edition. Published by Palo Alto Networks.)
The European Union’s General Data Protection Regulation (GDPR), which came into enforcement on May 25, 2018, may be the most well-known of these governmental efforts.
The need for such a regulation and the complex efforts it took to address its requirements highlighted how poorly prepared companies can be when looking at the issues surrounding their obligations. And yet, GDPR only addresses one significant aspect of cyber risk to a company— the potential loss of individuals’ data and its privacy, which the company has a duty to protect.
Like GDPR, most cyber regulations are created to protect society from behavior that could cause negative impacts. These regulations are likely rooted in the experience of previous attacks and may not extend to other issues until there is enough widespread acknowledgement of the need for certain practices to be modified.
As such, compliance with regulation alone cannot cover the business risks and impacts a company faces from cyberattacks.
Businesses can move beyond compliance by striving to understand the human element. By changing corporate cultures and altering behaviors, they can take proper steps to ensure they are taking the right approach to cybersecurity and, consequently, protect their valuation and hard-earned reputation.
For the leaders of any organization, whether you are part of the executive management team or the board, the path to better cybersecurity extends to the people, processes, technologies, and cultures you put in place, regardless of whether a regulation requires it.
Being prepared is not merely about achieving or even maintaining compliance; it is about adopting a cybersecurity culture that ensures the people in your organization are ready to deal with any eventuality, whenever it may occur.
Download the full chapter here, (please note the text begins on page 10).