compliance

Why keeping old customer records could cost millions [Q&A]

The modern world thrives on data, but what happens when that data has outlived its usefulness? Legacy data can become a weak link in corporate security. These records don’t just take up space; they expand the exposure surface in a breach and can damage both finances and reputations.

We spoke with Rob Shavell, co-founder and CEO of DeleteMe, about why companies can’t afford to ignore legacy data and what they can do to address it.

By Ian Barker -

Maturing ID wallets, investment for compliance and confidential AI -- privacy predictions for 2026

Privacy has been increasingly in the news over the last year with plans for government digital IDs and age verification for websites, as well as concerns about how eCommerce businesses and others use personal data.

What can we expect from the privacy landscape in 2026? Some industry experts give us their views.

By Ian Barker -

AI threats surge as security teams shrink

A new report reveals an increasing disconnect between cybersecurity and compliance priorities and organizational capacity to address them.

The study from Secureframe, based on a survey of 255 security, compliance, and IT professionals, finds security teams are carrying unprecedented responsibility with insufficient resources, manual compliance work is consuming critical time, and the absence of verifiable security credentials is directly impacting revenue.

By Ian Barker -

Over 71 percent of in-house IT builds fail to deliver

A survey of over 2,000 IT and security decision-makers finds that 71 percent of in-house IT builds are eventually abandoned. In heavily regulated industries like manufacturing and finance this rises to 83 percent, which underscores how complexity and compliance pressures make homegrown systems difficult to sustain.

The study from Exclaimer calls this ‘The DIY Mirage’, a false sense of control and efficiency that fades as maintenance demands, compliance risks, and long-term costs grow.

By Ian Barker -

Governance failures disrupt cloud migration plans

Nearly 40 percent of organizations have experienced security or compliance incidents directly linked to governance gaps introduced during cloud migration, according to a new report.

The study from Pathlock, based on responses from 620 enterprise IT, compliance, and security leaders, finds that in spite of the regulatory pressures many organizations face, with respondents operating under major regulations like SOX, GDPR, and others, governance is often treated as an afterthought.

By Ian Barker -

Most big US companies now flag AI use in their public risk disclosures

A new report from The Conference Board and ESGAUGE finds that 72 percent of S&P 500 companies now flag AI as a material risk in their public disclosures. That’s up from just 12 percent in 2023, underscoring how rapidly AI has moved from experimental pilots to business-critical systems.

Reputational risk tops the list, cited by 38 percent of companies. Firms warn that failed AI projects, missteps in consumer-facing tools, or breakdowns in service could quickly erode brand trust. Cybersecurity risks follow, disclosed by 20 percent of firms.

By Ian Barker -

Cryptographic debt and quantum readiness [Q&A]

As White House Executive Orders, NIST mandates, and international deadlines accelerate the push toward post-quantum encryption, the clock is ticking for organizations still grappling with cryptographic debt.

We spoke to Dave Krauthamer, co-founder and field CTO at QuSecure, to learn more about emerging threats, compliance mandates, and mitigation frameworks for organizations looking to get ahead of the coming disruption.

By Ian Barker -

Bridging the gap between boardroom and SOC demands [Q&A]

It’s inevitable that different parts of the enterprise will pull in different directions. This is particularly true when it comes to the IT world where operational teams like the SOC tend to focus on operational resilience while management and the boardroom worry about compliance.

We talked to Kyle Wickert, field chief technology officer of AlgoSec, about how IT pros can balance the compliance demands of the C-suite while maintaining security across sprawling hybrid environments.

By Ian Barker -

Organizations don’t trust agentic AI when it comes to compliance

A new report from compliance management company Strike Graph finds a worrying disconnect between the growing complexity of regulatory frameworks and organizations' confidence in their ability to manage them.

According to the report, potential errors (63 percent) and data security issues (50.5 percent) are the greatest concerns for respondents adopting AI in compliance processes. That may explain why only 10.6 percent have adopted advanced, agentic AI systems that are poised to revolutionize the governance, risk, and compliance (GRC) market.

By Ian Barker -

Economic uncertainty adds to cyber-physical systems risk

New research released today by Claroty looks at the impacts of economic and geopolitical uncertainty on organizations' ability to protect their cyber-physical systems (CPS) environments.

Cyber-physical systems are those that overlap the cyber world -- things like industrial control and medical devices -- and may therefore slip below the radar of traditional cybersecurity approaches. The survey, of 1,100 infosecurity, OT engineering, clinical and biomedical engineering, and facilities management and plant operations professionals, shows concerns that economic policies and geopolitical tensions are adding to risk.

By Ian Barker -

Concealing cyberattacks risks penalties and harms trust

Last month Bitdefender revealed that 70 percent of UK CISOs have faced pressure to conceal security incidents, cyberattacks and breaches.

But compliance training specialist Skillcast is warning that this could risk regulatory penalties and erode trust. The concern is heightened by escalating threats, with 612,000 UK businesses and 61,000 UK charities reporting a cyber breach or attack in the past year, with the average cost of the most disruptive breach reaching £3,550 ($4,790) for businesses and £8,690 ($11,730) for charities.

By Ian Barker -

Technology risks give compliance professionals sleepless nights

A newly released survey of US regulatory compliance professionals shows 63 percent say that technology-driven risk is the most significant market force likely to cause compliance issues for US financial services firms in 2025.

Other forces cited are global economic instability (58 percent), increasing regulatory complexity (48 percent), digital assets and crypto markets (37 percent each) and geopolitical instability (20 percent).

By Ian Barker -

Compliance is a major obstacle to data management strategies

A new survey of nearly 1,500 IT, engineering, and cybersecurity professionals worldwide reveals that 69 percent say maintaining data security and compliance is a top data management obstacle.

Not far behind is managing data volume and growth, cited by 67 percent. The research from Splunk shows 62 percent of respondents claim that difficulties with data management resulted in compliance failures.

By Ian Barker -

New Qualys tool aims to streamline enterprise compliance audits

Enterprises are grappling with an increasing compliance burden, subject to multiple frameworks and more regulatory mandates that stretch resources and drive up costs.

Misconfigurations can further complicate things, often leading to non-compliance and regulatory penalties. Plus, time-consuming tasks like auditing, reporting, and system remediation are prone to human error.

By Ian Barker -

What compliance with PCI DSS 4.0.1 means for businesses [Q&A]

The latest revision to the PCI DSS standard for protecting payment data, PCI DSS 4.0.1, was announced last year and came into force last month.

But what do these new requirements mean for businesses? We spoke to Simon Wijckmans, CEO at web security platform c/side, to find out.

By Ian Barker -

© 1998-2026 BetaNews, Inc. All Rights Reserved.