It is important to understand that evidence of regulatory compliance does not ensure that a business is actually cyber secure.
Thycotic, a provider of privileged account management solutions, surveyed more than 400 global businesses. It found that 58 percent of respondents scored a failing grade when evaluating their organization's efforts to measure their cybersecurity investments and performance against best practices. The survey also found that while global companies spend more than $100 billion a year on cybersecurity defenses, 80 percent of respondents failed to include business users in making cybersecurity purchase decisions. Many companies are not looking at cyber activities from a business impact perspective. At Digital Risk Insight, we offer regulatory compliance advisory services separately from cyber security advisory services for that reason.
Cyber resilience is the end goal for an organization. Our focus is biased toward conducting good cyber due diligence and assessments, implementing proper detection controls, having effectively enforced third-party risk and insider risk programs, and conducting testing and simulations. If such practices are implemented, organizations can stay ahead of industry regulations, because their response to any new cybersecurity requirement is less likely to demand a dramatic overhaul of their current program.