Compliance is a key part of any organisation and in business terms, it is about ensuring companies of all sizes and their employees comply with existing national and international laws. In the UK the Companies Act 2006 is the main legislation that forms the primary source of company law and businesses of all sizes must ensure they adhere to it to remain compliant.
However, compliance only ever gets tighter with each passing year. Regulations come and go, and often businesses need to invest a considerable amount of revenue to remain compliant. Many businesses often overlook security when ensuring they are compliant, but if you start from a security perspective you will often automatically meet compliance needs and cover any tightening of regulations.
Today, cybersecurity is a huge issue in virtually all industries with the need for organisations to understand the threat landscape and consider how they can respond effectively to cyber-attacks by having a well-designed plan in place. With a data breach, it is not a matter of if it will happen, but when it will happen. The cost of a data breach – financially and reputationally – can be so large that it can no longer be ignored by organisations.
There are numerous cases of organisations being fully compliant, yet they still suffered a data breach. In 2021 LinkedIn suffered a breach that affected 700 million users, Facebook suffered a breach in 2019 that affected 533 million users and Yahoo! suffered a breach in 2013 that affected over 1 billion users. The problem is worsening, in 2021 39% of UK businesses identified a cyber-attack against them, and in 2022 the same number of UK businesses have identified a cyber-attack against them, and we are only four months into the year. Being compliant is therefore not enough.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lisa Ventura. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/building-strong-business-case-security-and-compliance/