The next wave of regulation
When you examine technology risk, you’re talking about IT. But when you talk about cyber risk, the ownership and accountability live outside the technology department. The trend we see in the direction and magnitude of cyber-based regulations is moving toward a more holistic approach, focusing on business priorities and responsibilities, such as customer-oriented business activities like building trust; middle- and back-office operational tasks; and board-driven corporate governance functions. In short, the focus is on management within the first line of defense, as it should be.