Compliance versus risk: Why choosing the right approach is so important

As risks of data breaches, plus fines for non-compliance rise, organisations understand the need for cybersecurity risk management.

In a new e-book, Galvanize states it takes an average of 280 days to identify and contain a data breach and costs $3.86m to deal with the fallout. This is on top of the time and costs spent complying with industry and government regulations around data and privacy protection. With huge expenses, many firms are prioritising cybersecurity.

Its new e-book,  Shifting cybersecurity from a compliance to a risk focus, states organisations simply focusing on compliance with their cyber risk management programs are overlooking substantial risk factors. Typically, chief information security officers are in charge of cyber risk management programs and can vary in focus. Many are centred exclusively on meeting compliance and others focus on mitigating cybersecurity risks.

Galvanize believes that while establishing a good defence posture can mitigate known threats, it lacks visibility into the changing threat landscape and leaves firms unprepared for new risks.

In an example, during the Covid-19 pandemic, many organisations found their security compromised due to teams working remotely without sufficient infrastructure or preparation. In Q1 2020, the frequency of large-scale breaches increased by 300% above the previous quarter.

In order to prepare for changing risk scenarios, Galvanize states it is essential to create a cybersecurity approach that is focused on risk evaluation and management, not just compliance.

Furthermore,  firms need to realise cyber risk management should not be completed in a silo. Departments across an organisation need training and education around cybersecurity issues. For example, HR teams should implement policies around avoiding insider attacks and supplier agreements need to use standards that reduce third-party breach risks.

Once a comprehensive program has been implemented, which combines cybersecurity risk analysis and best practices, firms can generate buy-in across the organisation and shine a light on the important work your team is doing, Galvanize stated.

Download the full e-book here: Shifting cybersecurity from a compliance to a risk focus.

Copyright © 2021 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research


The following investor(s) were tagged in this article.