Cybercrime is on the rise, and no one is immune. Recent headlines captured the grim state of events for consumers who entrusted companies with valuable information. In a twist that likely disrupted many a peaceful night’s rest, Marriott International reeled from a data breach involving 500 million customers. The knowledge-sharing website Quora announced that a “malicious third party” had compromised the account information of 100 million users of the question-and-answer website. And one dozen states jointly filed a federal lawsuit against Medical Informatics Engineering and NoMoreClipboard over a breach that exposed the data of 3.9 million individuals.
These corporate fiascos – carrying legal, financial and reputational consequences – often reveal significant deficiencies in organizational cybersecurity controls and policies along with glaring gaps in cybersecurity regulatory compliance. They also underscore the importance of actively thinking about and assessing cybersecurity each day. Compliance works best when it’s baked into each day, not considered after the fact or invoked as part of a frantic incident response. Building a culture of compliance needs to be a part of every organization’s mission.
But the reality is that building and maintaining a comprehensive compliance program is very challenging, with responsibility split among the legal counsel who interpret policy, the compliance officers who struggle to create controls and the teams required to implement those controls. Between rapidly changing regulations and corporate red tape, the process often needs to start from scratch before it gains traction. And because this chain of command makes compliance an abstract concept, it can be difficult for stakeholders to buy into the program and coalesce around compliance.
That’s when our Chief Development Officer, Alan Winchester, identified an opportunity to streamline and simplify compliance through software so that it becomes a daily achievement, rather than an afterthought.
Since 1989, Alan has focused on the intersection of law and computers. In the legal world, he is a pioneer in the use of predictive coding to efficiently identify responsive documents for early case assessment and review purposes. That mindset of proactive strategy and informed assessment has honed his focus on cybersecurity. Driving the development of an innovative solution, his vision is to enable customers overwhelmed with legal and operational issues surrounding compliance to meet their obligations intuitively and simply.
The result is CyMetric, a cloud-based cybersecurity compliance tool that translates a range of regulations into one unified policy and control set that meets the legal requirements of the laws companies need to comply with. The product’s disruptive nature lies in aligning multiple regulations with a standardized control set that becomes the basis for a cybersecurity policy. This alignment enables the organization to measure its compliance with multiple regulations through a single assessment process. Managing and documenting all of the facets of a cybersecurity program through a single, cloud-based platform eliminates the need for multiple spreadsheets, enhances collaboration and supports the building of a culture of compliance within an organization.