Why Being Compliant Does Not Mean Being Secure

By Karen A. Frenkel  |  Posted 02-18-2016

Organizations continue to equate compliance with security, fostering the mistaken belief that meeting compliance requirements leads to a more secure enterprise. In fact, data breaches are rising in organizations certified as compliant, a new study revealed. In many cases, investments in IT security controls are misplaced because most focus on perimeter defenses that consistently fail to halt breaches and increasingly sophisticated cyber-attacks, according to the study.

Vormetric, an enterprise data security firm, issued the survey, "2016 Vormetric Data Threat Report," with think-tank 451 Research. The annual report polled 1,100 senior IT security executives at large enterprises worldwide. It details rates of data breach and compliance failures, perceptions of threats to data, data security postures and IT security spending plans.

"Being compliant doesn't necessarily mean you won't be breached and have your sensitive data stolen," said Garrett Bekker, senior analyst of Enterprise Security at 451 Research. "But organizations don't seem to have gotten the message, with nearly two-thirds (64%) rating compliance as very or extremely effective at stopping data breaches."

Karen A. Frenkel writes about technology and innovation and lives in New York City.

