Corporate Compliance Insights
Are You Wearing Rose-Colored Glasses — or Blinders? How Executives’ Views on Cyber Risk Can Affect Compliance

Why a compliance-first approach can obscure the full view of organizational risk

by Meghan Maneval
April 26, 2023
in Cybersecurity, Risk

Changes to digital spaces in recent years have led to a sharp rise in IT risk for many organizations. With cloud adoption, digital processes, remote work and third-party relationships growing dramatically, new, complex and expanded threat landscapes now exist — and bad actors are eager to exploit them. And not all organizations are adequately prepared to handle the risk. RiskOptics’ Meghan Maneval talks about how leadership’s view of risk colors the compliance function.

It takes an average of 277 days for cybersecurity teams to identify and contain a data breach, according to IBM and Ponemon Institute, so every second a company lacks visibility or fails to respond actively gives bad actors a chance to cause significant damage. That’s why a proactive approach to seeing, mitigating, understanding and acting on risk is key to improving the effectiveness of security and, thus, cyber compliance.

But risk isn’t treated or even viewed the same in all organizations, and these differences can have consequences for a variety of stakeholders. When it comes to cyber risk, the details are in the eye of the beholder.

Rose-colored glasses and blinders

According to Forrester, just 35% of security leaders believe that compliance drives the right focus and behaviors within their business. This disconnect needs to be remedied, and better risk assessments are the answer. Leaders recognize that compliance needs to be supplemented with a risk-first mindset. Budgets are expanding for risk-first approaches, with 59% of security leaders planning to increase investment in risk technology, citing risk management as a business priority almost twice as often as compliance.

Some companies think adhering to compliance regulations is enough to protect an organization. While that might be true in some lucky organizations, this approach is not as all-encompassing as the current threat landscape requires of security leadership. 

Yes, regulations and policy changes are core to a strong compliance program, and there are ways to digitize and automate the process. Anticipating the threats looming in certain markets, regions and economic conditions will help information security leaders and chief information security officers (CISOs) lead proactive and agile risk management programs. Leaders who subscribe to compliance alone without considering their organization’s risk appetite will be missing the full picture of risk. Not acknowledging this aspect of security is akin to wearing rose-colored glasses — or worse, blinders that obscure the vulnerabilities impacting companies.

That is not to say that a compliance-first approach is wrong. However, supplementing existing compliance activities with a risk-based approach grounds the program in the very real, imminent threats that surround the business. For example, if a company wants to expand into Germany, the compliance-first approach is likely to involve a gap analysis against the EU GDPR. In contrast, a risk-first approach begins by identifying the unique threats, vulnerabilities, processes, policies and third-party providers that are in scope for the Germany expansion. Next, the impact and likelihood of each are assessed, and complementary controls are identified to reduce that risk.

Magnifying glasses

On the other end of the spectrum of risk and compliance, some leaders use magnifying glasses. This kind of leader is buried deep in the specifics and analysis of their risk programs, generally because they don’t understand what is being done holistically to reduce risk. Magnifying glass users are great at getting granular in their approach to compliance, but they often miss the full view of how risk affects the business and how it can be leveraged to ensure that stakeholder investment is used wisely.

A magnifying-glass approach to risk often stems from a lack of confidence in risk-reduction activities, leading to unmet goals and wasted resources. For the compliance team, it can also be extremely tedious. Prioritizing the details rather than the big picture can make auditing longer, leading to delays in determining control efficacy. Each day spent collecting evidence and assessing controls is one more day your organization isn’t actively preventing risk. Often, by the time an assessment is complete, the data is outdated because of an infrastructure change, new or changing records or new vulnerabilities. This can leave the organization vulnerable, while the compliance team is hooked on the nuances.

Risk-colored glasses

These approaches or perspectives — rose-colored glasses, blinders and magnifying glasses — are no longer adequate for modern organizations.

Leaders can supplement their compliance processes with a risk-first view of the business. When choosing the right approach to risk management, it’s important to select a program that defines risk within the company’s business context. A modern risk management program can and should help organizations gain high-level insight into their compliance and risk posture in the context of their business — allowing companies to break down silos, eliminate gaps and reduce blind spots. 

Cybersecurity leaders can deliver better outcomes with less effort by buttressing their compliance program with a risk-centric vision. A risk-based approach puts cyber risk in a business context so that CISOs and CIOs can connect risk to the business objectives prioritized by the C-suite and board. With visibility into the organization’s overall risk posture, leaders will have an accurate and relevant view into how their actions and investments are impacting business success.


Tags: Cyber Risk, Risk Assessment

Meghan Maneval

Meghan Maneval is director of technical product management at RiskOptics (formerly Reciprocity). In this role she is responsible for developing and executing on product strategy, collaborating on in-app functionality and creating and maintaining product best practices and data sets. She has over 15 years of supporting audit, governance, security, risk and compliance activities in highly regulated markets.

© 2022 Corporate Compliance Insights