‘But I Was Compliant’

Don’t Fall to Excuses. Go Beyond Regulatory Compliance.

“But I was compliant!” is a phrase that is too common after a business has suffered a data breach. A business can meet all the regulatory compliance requirements and still face breach. Being compliant simply means you’ve meet the bare minimum-security requirements needed to protect your data. While the challenge of maintaining optimal levels of security are understandable, settling for the bare minimum level of security needed and hoping that you’re lucky enough to never face a breach is not.

Many of the regulatory rules aren’t overly detailed, because regulatory agencies don’t want to get mired in having to keep up with new cyber threats and security technologies. Instead, they enforce high-level requirements that are made to be relevant across multiple sectors and security needs. Adding to the challenge are regulatory rules that are written, monitored and enforced in different ways by different regulatory agencies, making it difficult for businesses to understand if they are within compliance. For these reasons, businesses need to go beyond compliance and take a proactive approach to their cyber security, because simply “being compliant” will never be enough.

Learn more about how to avoid the pitfalls of compliance and meet your optimal security needs with our “But I Was Complaint” paper.