5 Structural Barriers Breaking Your Cybersecurity Compliance Framework

Steve Durbin
Published 13 May 2026
Read the full article on Corporate compliance insights

Compliance challenges rarely stem from a lack of intent, but are often rooted in how systems and processes are designed.

The web of cybersecurity compliance organizations must navigate, along with gaps between compliance framework design and effectiveness — among other stumbling blocks — can be serious barriers to effective risk management, says Steve Durbin, CEO of Information Security Forum. Overcoming these challenges begins by honestly auditing your current framework.

Talk to any CISO or cybersecurity leader about whether they are having compliance issues and they will resoundingly answer with a big “no.” The reality is that many organizations suffer from a compliance problem they may not be fully aware of.

Research from Creditsafe blamed general business pressures for driving companies to cut compliance corners. A striking 59% of 200 US professionals across accounting, legal, supply chain and consulting said they “always” compromise on compliance; 79% admitted to skipping compliance checks on customers and suppliers due to familiarity. Violations are on the rise — 67% reported more data privacy breaches, while 64% noted increased financial accounting and tax compliance violations.

Proper governance frameworks are without a doubt in place, and associated documentation exists. Policies and control standards might pass a cursory audit. The problem is that many organizations won’t be able to demonstrate in absolute terms whether their controls are working. You will be surprised how common this is. This happens because the compliance framework has structural issues.

Structural gaps occur because the technological environments in which organizations operate necessitate cross-jurisdictional regulations. They don’t have to comply with just one or two regulatory frameworks but with multiple frameworks, such as NIS2, DORA, HIPAA, SEC disclosure rules and others relevant to their industry and geography. Consequently, an organization’s capacity to manage compliance is failing to keep pace with the growing complexity of compliance demands.
