Eric Stylemans’ Post

Information Technology Enthusiast, GRC Practitioner, Seasoned Information Security Risk Officer, Creative Thinker and Conscious Doer, Lifelong Learner

When companies hyper-focus on compliance for the sake of compliance, they end up with tunnel vision that can stifle creativity, innovation and adaptability. There’s also a risk of overkill with overlapping requirements that absorb resources unnecessarily and drive up costs. Today, more companies are pivoting from compliance-first to risk-first mindsets. #compliance #riskmanagement #security

Don’t Be Compliance-First. Be Risk-First Instead. | Built In

builtin.com

Yakir Golan

CEO & Co-founder at Kovrr | Cyber Risk Quantification

5mo

Great article; thanks for sharing! Contextualizing compliance measures and various security control upgrades provides the information necessary for creating targeted mitigation plans that ACTUALLY lead to resilience. Ultimately, organizations need to consider the goal. While there's certainly a great deal of overlap between achieving compliance and mitigating cyber risks to the extent that meets risk appetite levels, they're not intrinsically connected. CISOs need a means of determining the tangible implications that security upgrades and compliance can have on the company (i.e., reduction in financial exposure) to adopt this necessary risk-first approach.
