Most big US companies now flag AI use in their public risk disclosures


A new report from The Conference Board and ESGAUGE finds that 72 percent of S&P 500 companies now flag AI as a material risk in their public disclosures. That’s up from just 12 percent in 2023, underscoring how rapidly AI has moved from experimental pilots to business-critical systems.
Reputational risk tops the list, cited by 38 percent of companies. Firms warn that failed AI projects, missteps in consumer-facing tools, or breakdowns in service could quickly erode brand trust. Cybersecurity risks follow, disclosed by 20 percent of firms.
Cryptographic debt and quantum readiness [Q&A]


As White House Executive Orders, NIST mandates, and international deadlines accelerate the push toward post-quantum encryption, the clock is ticking for organizations still grappling with cryptographic debt.
We spoke to Dave Krauthamer, co-founder and field CTO at QuSecure, to learn more about emerging threats, compliance mandates, and mitigation frameworks for organizations looking to get ahead of the coming disruption.
Bridging the gap between boardroom and SOC demands [Q&A]


It’s inevitable that different parts of the enterprise will pull in different directions. This is particularly true when it comes to the IT world, where operational teams like the SOC tend to focus on operational resilience while management and the boardroom worry about compliance.
We talked to Kyle Wickert, field chief technology officer of AlgoSec, about how IT pros can balance the compliance demands of the C-suite while maintaining security across sprawling hybrid environments.
Organizations don’t trust agentic AI when it comes to compliance


A new report from compliance management company Strike Graph finds a worrying disconnect between the growing complexity of regulatory frameworks and organizations' confidence in their ability to manage them.
According to the report, potential errors (63 percent) and data security issues (50.5 percent) are the greatest concerns for respondents adopting AI in compliance processes. That may explain why only 10.6 percent have adopted advanced, agentic AI systems that are poised to revolutionize the governance, risk, and compliance (GRC) market.
Economic uncertainty adds to cyber-physical systems risk


New research released today by Claroty looks at the impacts of economic and geopolitical uncertainty on organizations' ability to protect their cyber-physical systems (CPS) environments.
Cyber-physical systems are those that span the cyber and physical worlds -- things like industrial control and medical devices -- and may therefore slip below the radar of traditional cybersecurity approaches. The survey, of 1,100 infosecurity, OT engineering, clinical and biomedical engineering, and facilities management and plant operations professionals, shows concerns that economic policies and geopolitical tensions are adding to risk.
Concealing cyberattacks risks penalties and harms trust


Last month Bitdefender revealed that 70 percent of UK CISOs have faced pressure to conceal security incidents, cyberattacks and breaches.
But compliance training specialist Skillcast is warning that this could risk regulatory penalties and erode trust. The concern is heightened by escalating threats, with 612,000 UK businesses and 61,000 UK charities reporting a cyber breach or attack in the past year, with the average cost of the most disruptive breach reaching £3,550 ($4,790) for businesses and £8,690 ($11,730) for charities.
Technology risks give compliance professionals sleepless nights


A newly released survey of US regulatory compliance professionals shows 63 percent say that technology-driven risk is the most significant market force likely to cause compliance issues for US financial services firms in 2025.
Other forces cited are global economic instability (58 percent), increasing regulatory complexity (48 percent), digital assets and crypto markets (37 percent each) and geopolitical instability (20 percent).
Compliance is a major obstacle to data management strategies


A new survey of nearly 1,500 IT, engineering, and cybersecurity professionals worldwide reveals that 69 percent say maintaining data security and compliance is a top data management obstacle.
Not far behind is managing data volume and growth, cited by 67 percent. The research from Splunk shows 62 percent of respondents claim that difficulties with data management resulted in compliance failures.
New Qualys tool aims to streamline enterprise compliance audits


Enterprises are grappling with an increasing compliance burden, subject to multiple frameworks and more regulatory mandates that stretch resources and drive up costs.
Misconfigurations can further complicate things, often leading to non-compliance and regulatory penalties. Plus, time-consuming tasks like auditing, reporting, and system remediation are prone to human error.
What compliance with PCI DSS 4.0.1 means for businesses [Q&A]


The latest revision to the PCI DSS standard for protecting payment data, PCI DSS 4.0.1, was announced last year and came into force last month.
But what do these new requirements mean for businesses? We spoke to Simon Wijckmans, CEO at web security platform c/side, to find out.
Less than a third of companies consistently meet compliance standards


New research shows that only 29 percent of all organizations say their compliance programs consistently meet internal and external standards.
The report from Swimlane reveals that fragmented workflows, manual evidence gathering and poor collaboration between security and governance, risk and compliance (GRC) teams are leaving organizations vulnerable to audit failures, regulatory penalties and security gaps.
Vanta launches new features to boost compliance and trust


Trust management platform Vanta has announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network.
With 65 percent of businesses reporting that customers, investors and suppliers increasingly require proof of compliance, maintaining a strong security posture is essential for growth and unlocking new market entry. Vanta's new features simplify delegation, improve contextual communication and ensure accountability, allowing businesses to use their network of employees, vendors, auditors and customers to maintain continuous compliance.
Is AI the answer to compliance challenges? [Q&A]


Increasing amounts of regulation are creating an issue for businesses as they seek to ensure compliance whilst still delivering on their core activities. This is leading many to boost the size of their security teams.
We spoke to Jay Trinckes, CISO of Thoropass, who believes that using AI, with its ability to analyze vast amounts of data quickly and accurately, will be key to bridging this gap without the need for massively expanded staffing.
Complex regulations and sophisticated cyber risks worry compliance professionals


New research from governance, risk, and compliance (GRC) specialist MetricStream, in collaboration with GRC Report, looks at risk practitioners' priorities for 2025.
Navigating the complex regulatory landscape is among their top challenges this year, named by 51 percent, with new guidelines, evolving requirements, and unexpected policy shifts occurring almost weekly.
Enterprises struggle to balance data retention costs with compliance


A new survey of 300 IT and security professionals, commissioned by Red Canary and conducted by Censuswide, finds that just 35 percent of data stored in legacy SIEMs delivers tangible value for threat detection.
In addition, only 13 percent of organizations separate out low value data for cheaper storage in a raw data repository. Due to SIEM storage costs, 68 percent of IT security decision makers say they discard low value data and have to hope they won't regret it.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.