Convergence and divergence of regulatory compliance and cybersecurity

Abstract

The introduction of technology in today's society and the risks associated with its use demonstrate the need to secure information and other digital assets at various levels and in various sectors. Not only is this aspect important for industries, companies, and individuals, but also for countries. Regulations in several organizational and cultural contexts are requiring increased and improved cybersecurity strategies. To better understand the commonalities and variations of the different compliance environments, we performed a comparative analysis drawing on eight interview-based case studies. This study examines the conditions under which compliance presents issues impacting cybersecurity and which areas are affected, in both positive and negative ways. The comparison features the cultural, regulatory, financial, and technical factors contributing to compliance problems. Finally, we draw out lessons about compliance strategy from both a regulatory and organizational point of view.