One hard reality of cybersecurity is that the economics favor attackers. It is more costly to defend than it is to attack. As threat actors become more sophisticated and diverse, the cost to defend continues to grow. Defender resources — time, money, and people — are finite. As such, companies need to allocate them efficiently and effectively.

Unfortunately, the steady movement toward government-imposed cybersecurity regulations and enforcement actions poses a dilemma for many companies. Do they allocate resources to secure their environment or to ensure compliance with a multitude of government mandates and reporting rules?

The cybersecurity regulations imposed on industry are so voluminous that a core pillar of the Biden administration’s National Cybersecurity Strategy is to harmonize them. Yet government agencies continue to issue conflicting mandates that will divert resources from security to compliance.
