Cybersecurity compliance 'left of bang'

Cybersecurity risk management regimes being developed by U.S, EU and APAC regulators are driving cybersecurity risk management compliance into the board rooms of public and private organisations.  In our view creating situational awareness through risk management, enabling boards need to make better more informed decisions about their cybersecurity posture left of bang.

Where once boards had an option to implement cybersecurity they must decide if they want to participate in a regulated market, they must implement cybersecurity risk management. Organisations that are not publicly traded should also be concerned, as they maybe suppliers of public firms that will be expected to understand and manage their cybersecurity supply chain risks.

The Left of Bang approach requires organisations to develop better situational awareness through an understanding of cyber risks.  Along with a broader assessment of the enterprise-wide impact that cyber-attacks may have on the organisations and its supply chains. Treating risks in a manner that could be considered adequate and commensurate to the level of risk. 

When regulation turns to enforcement it will over time set precedence, re-affirm compliance standards and be tested in court. Enforcement actions place corporate boards and security professionals on notice that their decisions could be assessed at a future date, in response to the decisions made in assessing cybersecurity risks, mitigating risks, and responding to cyber incidents.