80% of CISOs Confused by New Compliance Regulations
Compliance can be hard, yet many enterprise CISOs are discovering that achieving it is harder than they imagined. That realization is backed by a recent study by Infosecurity North America, which showed that almost four of every five CISOs are confused about how to tackle new and changing regulations. The study, which polled more than 100 U.S. senior cybersecurity executives, offered numerous other data points, which ultimately could create opportunity for MSSPs and infosecurity consultancies servicing businesses bound by compliance regulations.
For example, the study revealed:
- Seventy-seven percent of respondents said that CISOs are receiving conflicting advice about new or changing regulation, which clearly spells out an educational opportunity for MSSPs to help enterprises navigate change.
- Thirty-five percent of respondents said that regulators should provide clearer communication about compliance requirements, a statistic that demonstrates CISOs aren’t being provided with the resources needed by governing bodies to meet compliance requirements. That creates an opportunity for savvy infosec professionals to offer outreach and other services to enrich their compliance-management businesses.
- Thirty-one percent said that regulatory bodies should allow a grace period so organizations can tweak their processes without penalty; simply put, this number demonstrates that enterprises aren’t ready to meet compliance requirements by the date that regulations go into effect. Solution providers can help those enterprises become compliant before deadlines approach and eliminate the perceived need for grace periods.
- Seventeen percent said that regulatory bodies should permit more time for compliance, and another 17 percent want greater access to troubleshooting resources. This demonstrates that almost one in five enterprises is having trouble achieving compliance in time and also lacks the resources to solve problems. It’s another growth opportunity for MSSPs willing to take over the thorny issues of compliance.
The business of compliance has become shrouded in poor communication, ill-explained requirements, and unrealistic deadlines, creating potential liabilities for enterprises of all sizes. Tackling those issues, and the many others that result from compliance regulation, may well require professional compliance officers, a luxury that many enterprises are ill-equipped to afford. Therein lies the real opportunity for the channel: creating compliance-as-a-service offerings, and even offering virtual compliance officers to tend to an enterprise’s needs. What’s more, compliance is bound to become more complex as time goes on.
“This type of legislation is incredibly intricate,” said John Hyde, exhibition director at Infosecurity North America. “And as it becomes more widespread, legislative and regulatory bodies need to make sure they provide the clarity and resources to make compliance as straightforward as possible.”
One can only hope that clarity will arrive, but in reality, it’s most likely a false hope, meaning that MSSPs and other channel players will need to be at the top of their compliance game to succeed.
“Compliance is an ongoing hot topic for cybersecurity professionals today,” added Hyde. “And given that data privacy regulation continues to become more expansive and commonplace, cybersecurity teams need to be vigilant and stay on the front foot to meet regulatory oversight.”
Compliance is sure to remain a hot topic for some time, and there’s ample evidence that enterprises are not getting it right. For example, Gartner reports that 29 percent of employees witnessed at least one compliance violation in the last two years, which demonstrates that government regulators aren’t the only ones watching for violations. What’s more, there is enormous potential for growth in services surrounding compliance, with Grand View Research predicting that the enterprise governance, risk and compliance market will be worth $64.6 billion by 2025.
For many, the recent implementation of GDPR gave a small taste of what’s to come in the world of compliance — and that taste proved to be somewhat bitter for most. The channel can help to remove the agita of compliance, while also building up new services that can lead to long-term customer relationships and lucrative contracts.