​The word compliance can lull us into believing that it is synonymous with certainty. But this is a dangerous misconception and one that undermines our understanding of breaches such as retail giant Target’s attack in 2013. We believed they must have some internal security weakness, but in fact they had recently been certified with a security standard. Prevention is better than detection, but in reality we need both as there is no such thing as 100% prevention.

Kerry Bailey, Forbes Technology Council, suggests that until senior management embrace security as an ethos that goes far beyond simple compliance, we should consider 3 interim measures:

1. Regulation
2. Investigation
3. Process Improvement

Government policymakers move slowly, and company cultures transform slower still. Nevertheless, this is a change we must engineer to protect our businesses.

You can find his full discussion here.

Our ‘Something To Consider’ snippets are framed as small, digestible, ‘dashes of insight’ around the pillars of what we define as “World Class Finance” – Process Optimization, Financial Control and Compliance, and Risk Assurance, all underpinned by technology enablement and integration.