
A Cybersecurity Compliance Crystal Ball For 2019


What Recent News Means for the Future

The compliance landscape is changing, and the compliance profession must change with it. A team of experts from CyberSaint discusses what compliance practitioners can expect in the year ahead. Co-authored by Padraic O’Reilly, CyberSaint CPO and Co-Founder, and Adam Bryan, Advisor.

Regardless of experience or background, 2019 will not be an easy year for information security. In fact, we realize it’s only going to get more complicated. However, what we are excited to see is the awareness that the breaches of 2018 have brought to information security – how more and more senior executives are realizing that information security needs to be treated as a true business function – and 2019 will only see more of that.

Regulatory Landscape

As constituents become more technology literate, we will start to see regulatory bodies ramping up security compliance enforcement for the public and private sectors. Along with the expansion of existing regulations, we will also see new cyber regulations come to fruition. While we may not see U.S. regulations similar to GDPR at the federal level in 2019, the conversations around privacy regulation will only become more prominent. What we are seeing already is the expansion of the DFARS mandate beyond the Department of Defense to encompass all aspects of the federal government.

Customization of the NIST CSF

One of the more remarkable aspects of the NIST CSF is its broad applicability. It has been praised for its versatility across industries, and we will see the expansion of the CSF into emerging technologies. In 2018, we participated with NIST in drafting an “Informative Reference” for the Internet of Things. More guidelines for emerging technology are expected to develop and expand. Already, we are seeing the development of standards in the financial and health industries that also draw from the NIST CSF, and we expect those standards to begin converging into sector-specific NIST Profiles.

End of Modular GRC

Legacy GRC products are becoming long in the tooth, and 2019 may be the final year for these module-based platforms as a viable solution. We are beginning to see security leaders at companies of all sizes adopting lighter-weight SaaS solutions that communicate risk data across the business in a clear, simple way. Integrated risk management (IRM) platforms, a term coined by Gartner, tend to be more agile and flexible. They will become the norm for augmenting and enhancing existing GRC programs and for helping newer programs get up to speed on compliance and risk management quickly, both of which are necessary in today’s ever-shifting business environment.

CEOs are Engaged in Cybersecurity

The breaches that have captivated headlines (most recently Marriott, and going back to Equifax) have caused many CEOs to pay closer attention to their security programs. We have seen this year that the integrity of a security program is directly connected to a company’s bottom line. This will be the year CEOs and boards go from reacting to security events to being proactively involved in their security programs.

Increased Demand for Quantitative Risk

With CEOs and boards becoming more involved in their organization’s security program, the need for hard numbers around risk will become even greater. We’ve already seen CISOs becoming more accustomed to quantifying risk with frameworks like NIST 800-53 and the FAIR Model. The next step will be effectively communicating that posture to nontechnical stakeholders in a business context. The key performance indicators that CISOs and CIOs are assessed on have changed as a result. If data is the new currency, then CxOs will start being held to the same reporting standards as traditional business functions. Perhaps the CIO is the new CFO.

This post originally appeared on Corporate Compliance Insights.
