Complex regulations and sophisticated cyber risks worry compliance professionals
New research from governance, risk, and compliance (GRC) specialist MetricStream, in collaboration with GRC Report, looks at risk practitioners' priorities for 2025.
Navigating the complex regulatory landscape is among their top challenges this year, named by 51 percent, with new guidelines, evolving requirements, and unexpected policy shifts occurring almost weekly.
Enterprises struggle to balance data retention costs with compliance
A new survey of 300 IT and security professionals, commissioned by Red Canary and conducted by Censuswide, finds that just 35 percent of data stored in legacy SIEMs delivers tangible value for threat detection.
In addition, only 13 percent of organizations separate out low value data for cheaper storage in a raw data repository. Due to SIEM storage costs, 68 percent of IT security decision makers say they discard low value data and have to hope they won't regret it.
Navigating NIS 2 compliance [Q&A]
As the European Union updated the Network and Information Security (NIS 2) Directive in October last year, many companies were asking: what does it take to comply with this sweeping new regulation? Designed to tighten cybersecurity across critical industries, NIS 2 goes beyond the original directive’s framework, bringing strict rules, wider sectoral reach, and substantial penalties.
We spoke to Sam Peters, chief product officer at isms.online, to find out what businesses need to know to ensure compliance and understand the directive's impact on both operations and reputation.
Changes to compliance requirements leave professionals struggling to keep up
The rise of AI and increasing global regulations have raised the stakes for businesses, as they navigate complex requirements to protect sensitive data and ensure ethical practices.
A new survey from trust management platform Drata reveals that 48 percent of governance, risk, and compliance (GRC) professionals struggle to keep pace with updates to existing compliance frameworks and to identify areas needing attention.
Ensuring transparency when deploying AI [Q&A]
There are many factors to consider when deploying AI into an organization, not least of which is maintaining transparency and trust in the process.
We spoke to Iccha Sethi, VP of engineering at Vanta, to learn more about why transparency is so important and how governments and enterprises are responding to this challenge.
Compliance with new European legislation increases info security workloads
A new report shows that 90 percent of professionals surveyed say complying with DORA, the NIS2 Directive, and/or the EU AI Act will impact their workload.
The study, from cloud-based risk and compliance platform AuditBoard, shows information security professionals feel the weight of compliance efforts most, with 38 percent expecting to be impacted to a great extent, compared to 29 percent of risk management professionals and 28 percent of IT professionals. Increased workloads could potentially lead to a greater risk of non-compliance as teams struggle to keep up with daily tasks.
Continuous controls monitoring 'transformative' for security
According to a new report from RegScale and The CISO Society, 94.2 percent of CISOs believe continuous controls monitoring (CCM) has the potential to significantly enhance both compliance and security outcomes.
As organizations struggle with manual workflows, data silos, and limited integrations, CCM provides an effective way to improve visibility, automate processes, and better align security and compliance efforts.
Nearly half of UK financial businesses not ready for a date with DORA
The EU's Digital Operational Resilience Act (DORA) comes into force tomorrow (Jan 17th) but new research shows that 43 percent of the UK's financial organizations are set to miss the deadline for compliance, with 20 percent expecting to do so by at least four months.
Although the UK is outside the EU, its strong financial ties with Europe mean firms operating in or interacting with EU markets will need to align with DORA standards to continue their business relationships.
Security and compliance are biggest barriers to cloud adoption
Cloud adoption is at the heart of digital transformation, providing organizations with the agility and flexibility they need to stay competitive in today's rapidly changing marketplace.
A new report from Fortinet looks at the latest trends, challenges, and strategies shaping cloud security, including safeguarding sensitive data, ensuring regulatory compliance, and maintaining visibility and control across increasingly complex hybrid and multi-cloud environments.
Interest in learning AI skills soars
Newly released usage data from the O'Reilly online learning platform reveals that interest in AI-related skills has surged dramatically, with the most pronounced usage increases seen in topics like prompt engineering (456 percent increase), AI principles (386 percent increase), and generative AI (289 percent increase).
Use of content about GitHub Copilot has seen a dramatic increase too, by an impressive 471 percent, reflecting developers’ enthusiasm for tools that enhance productivity.
Free tool for service providers helps identify security and compliance gaps
Compliance automation software company Secureframe has launched its free Gap Assessment Tool to help service partners including MSPs, MSSPs, vCISOs, and IT security consultants identify gaps in security posture or compliance status.
It's designed to address a common challenge faced by IT service providers -- uncovering areas of non-compliance and potential risk while demonstrating value to clients.
US CISOs not prepared for cybersecurity regulations
A new survey of over 200 CISOs across a wide range of industries in the United States reveals that many are unprepared for tough new regulations including the SEC's cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU.
The study from Onyxia Cyber shows 67 percent of CISOs report feeling unprepared for these new compliance regulations, while 52 percent admit to lacking sufficient knowledge about how to report cyberattacks to the government.
Cloud and AI expansion lead to data protection challenges
Enterprise IT leaders are grappling with unprecedented challenges in data protection and governance, driven by the rapid adoption of cloud applications and generative AI, according to a new report.
The study from backup and recovery platform Keepit finds that although 70 percent of respondents report that their financial applications are covered by data protection strategies, a significant portion of other key systems and custom applications remain vulnerable.
Compliance and cybersecurity in the age of AI [Q&A]
Artificial Intelligence is dramatically transforming the business landscape. It streamlines operations, provides critical insights, and empowers businesses to make data-driven decisions efficiently. Through machine learning, predictive analytics, and automation, AI assists in identifying trends, forecasting sales, and streamlining supply chains, leading to increased productivity and improved business outcomes. It isn't, unfortunately, without problems.
We talked to Matt Hillary, Vice President of Security and CISO at Drata, about the issues surrounding AI when it comes to critical security and compliance.
Why new compliance rules are changing the game for CISOs [Q&A]
The job of the CISO is becoming increasingly complex, with new rules around security and compliance, disclosure requirements following incidents, and more.
We spoke to John Morello, CTO of Gutsy, a company which was the first to apply process mining to security, to find out how things are changing and how CISOs should respond.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved.