Great expectations: The shifting cyber-regulatory landscape

Gopal K. Padinjaruveetil is Vice President, Chief Information Security Officer, and Cris Mattoon is Assistant Vice President, Compliance & Ethics, at The Auto Club Group in Dearborn, Michigan, USA.

This is the first of a two-part series dealing with cybersecurity risk management, regulations, and solutions.

Chief information security officers (CISOs) and chief compliance officers (CCOs) are facing mounting questions from boards of directors, CEOs, shareholders, customers, and the media, seeking reassurance that their organizations’ digital infrastructure and data remain secure against tomorrow’s threats, some not yet even imagined. The continual onslaught of high-profile cybersecurity incidents wrought upon corporations and government agencies by illicit state actors and organized crime syndicates has culminated in a burgeoning cacophony of multijurisdictional cyber-regulation. International, federal, state, and model laws have begun to converge with increasing frequency and intensity to assign explicit accountabilities to organizations and executives with the objective of protecting sensitive regulated consumer and employee data.

In the first part of this two-part series, we address the heightened risk management expectations that regulatory agencies have expressed for the entities that they supervise. The second part of the series will address the evolution of cybersecurity risk management and the increasing convergence between private sector solutions and regulatory expectations.
