If you are not aligned to the cyber security expectations of your regulators, this is a regulatory risk.
However, this regulatory risk is not the real problem.
It’s just a symptom.
The real problem with your non-compliance is that it shows you are not managing cyber security risk appropriately.
Because 90%+ of all the regulatory guidance that I have read (from the Central Bank of Ireland, EIOPA, the SEC, and now the DORA regulation) is telling you the things you need to be doing to effectively defend against the most common attacks.
Things like: governance, risk management frameworks, third-party risk management, vulnerability management, incident reporting.
Are they boring? Absolutely.
Are they important? Absolutely!
If you don’t align to the regulatory guidance, you are at a heightened risk of a cyber attack.
If you have never read guidance from your regulators, then it’s time to make friends with your Compliance team.
Your friend in Compliance may be your organisation’s true Cyber Hero!