Articles about compliance

A new report from compliance management company Strike Graph finds a worrying disconnect between the growing complexity of regulatory frameworks and organizations' confidence in their ability to manage them.

According to the report, potential errors (63 percent) and data security issues (50.5 percent) are the greatest concerns for respondents adopting AI in compliance processes. That may explain why only 10.6 percent have adopted advanced, agentic AI systems that are poised to revolutionize the governance, risk, and compliance (GRC) market.

Continue reading →

New research released today by Claroty looks at the impacts of economic and geopolitical uncertainty on organizations' ability to protect their cyber-physical systems (CPS) environments.

Cyber-physical systems are those that overlap the cyber world -- things like industrial control and medical devices -- and may therefore slip below the radar of traditional cybersecurity approaches. The survey, of 1,100 infosecurity, OT engineering, clinical and biomedical engineering, and facilities management and plant operations professionals, shows concerns that economic policies and geopolitical tensions are adding to risk.

Continue reading →

Last month Bitdefender revealed that 70 percent of UK CISO have faced pressure to conceal security incidents, cyberattacks and breaches.

But compliance training specialist Skillcast is warning that this could risk regulatory penalties and erode trust. The concern is heightened by escalating threats, with 612,000 UK businesses and 61,000 UK charities reporting a cyber breach or attack in the past year, with the average cost of the most disruptive breach reaching £3,550 ($4,790) for businesses and £8,690 ($11,730) for charities.

Continue reading →

A newly released survey of US regulatory compliance professionals shows 63 percent say that technology-driven risk is the most significant market force likely to cause compliance issues for US financial services firms in 2025.

Other forces cited are global economic instability (58 percent), increasing regulatory complexity (48 percent), digital assets and crypto markets (37 percent each) and geopolitical instability (20 percent).

Continue reading →

A new survey of nearly 1,500 IT, engineering, and cybersecurity professionals worldwide reveals that 69 percent say maintaining data security and compliance is a top data management obstacle.

Not far behind is managing data volume and growth, cited by 67 percent. The research from Splunk shows 62 percent of respondents claim that difficulties with data management resulted in compliance failures.

Continue reading →

Enterprises are grappling with an increasing compliance burden, subject to multiple frameworks and more regulatory mandates that stretch resources and drive-up costs.

Misconfigurations can further complicate things, often leading to non-compliance and regulatory penalties. Plus time-consuming tasks like auditing, reporting, and system remediation are prone to human error.

Continue reading →

The latest revision to the PCI DSS standard for protecting payment data, PCI DSS 4.0.1, was announced last year and came into force last month.

But what do these new requirements mean for businesses? We spoke to Simon Wijckmans, CEO at web security platform c/side, to find out.

Continue reading →

New research shows that only 29 percent of all organizations say their compliance programs consistently meet internal and external standards.

The report from Swimlane reveals that fragmented workflows, manual evidence gathering and poor collaboration between security and governance, risk and compliance (GRC) teams are leaving organizations vulnerable to audit failures, regulatory penalties and security gaps.

Continue reading →

Trust management platform Vanta has announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network.

With 65 percent of businesses reporting that customers, investors and suppliers increasingly require proof of compliance, maintaining a strong security posture is essential for growth and unlocking new market entry. Vanta's new features simplify delegation, improve contextual communication and ensure accountability, allowing businesses to use their network of employees, vendors, auditors and customers to maintain continuous compliance.

Continue reading →

Increasing amounts of regulation are creating an issue for businesses as they seek to ensure compliance whilst still delivering on their core activities. This is leading many to boost the size of their security teams.

We spoke to Jay Trinckes, CISO of Thoropass, who believes that using AI, with its ability to analyze vast amounts of data quickly and accurately, will be key to bridging this gap without the need for massively expanded staffing.

Continue reading →

New research from governance, risk, and compliance (GRC) specialist MetricStream, in collaboration with GRC Report, looks at risk practitioners' priorities for 2025.

Navigating the complex regulatory landscape is among their top challenges this year, named by 51 percent, with new guidelines, evolving requirements, and unexpected policy shifts occurring almost weekly.

Continue reading →

A new survey of 300 IT and security professionals, commissioned by Red Canary and conducted by Censuswide, finds that just 35 percent of data stored in legacy SIEMs delivers tangible value for threat detection.

In addition, only 13 percent of organizations separate out low value data for cheaper storage in a raw data repository. Due to SIEM storage costs, 68 percent of IT security decision makers say they discard low value data and have to hope they won't regret it.

Continue reading →

As the European Union updated the Network and Information Security (NIS 2) Directive in October last year, many companies were asking: what does it take to comply with this sweeping new regulation? Designed to tighten cybersecurity across critical industries, NIS 2 goes beyond the original directive’s framework, bringing strict rules, wider sectoral reach, and substantial penalties.

We spoke to Sam Peters, chief product officer at isms.online, to find out what businesses need to know to ensure compliance and understand the directive's impact on both operations and reputation.

Continue reading →

The rise of AI and increasing global regulations have raised the stakes for businesses, as they navigate complex requirements to protect sensitive data and ensure ethical practices.

A new survey from trust management platform Drata reveals that 48 percent of governance, risk, and compliance (GRC) professionals struggle to keep pace with updates to existing compliance frameworks and identifying areas needing attention.

Continue reading →

There are many factors to consider when deploying AI into an organization, not least of which is maintaining transparency and trust in the process.

We spoke to Iccha Sethi, VP of engineering at Vanta, to learn more about why transparency is so important and how governments and enterprises are responding to this challenge.

Continue reading →