The Cost of Compliance: What Charles Goodhart, Bill Murray, and Cybersecurity Have in Common
As a cyber security community, we need to re-think our commitment to – and investment in – compliance. Can we all agree it’s not working? If successful breaches were confined to organizations that either didn’t invest in compliance or were unsuccessful achieving it, then we could talk. But we all know that’s not the case. We need to start thinking about taking that 40% and investing more in the things that have the best chance of making the bad guys’ lives more difficult. We won’t win every battle, but at least we’ll be fighting the right war.
Is the cybersecurity community’s obsession with compliance counter-productive?
Show me a large enterprise that was breached and I’ll show you a large enterprise adhering to multiple compliance standards.
