Key industry sectors continue to raise the cybersecurity bar for their members by developing increasingly demanding standards and operational expectations. The threat to organizations' information security and to the personal privacy of their customers continues to grow, and its societal impact and cost are shifting from the comparatively benign criminal theft of intellectual property, personally identifiable information (PII) and protected health information (PHI) toward the far more dangerous and costly disruption or destruction of industrial control systems that underpin critical national infrastructure. Ankura expects compliance regimes to be strengthened and penalties to become more punitive as a result: compliance audits will become tougher, and post-incident fines larger and more exemplary. Understanding the organization's cybersecurity compliance posture should therefore be a concern of Chief Compliance Officers, Chief Risk Officers, General Counsel, Internal Audit and members of Board Audit, Risk and Compliance Committees, especially for regulations that require a personally signed certification of compliance (for example, the annual certification under 23 NYCRR Part 500) and that could therefore expose Directors and Officers (D&O) to personal liability for cybersecurity failures.
Ankura's cybersecurity and data governance professionals provide expert, independent assessments of clients' compliance with, and audit readiness for, many of the most pervasive standards and regulations in key industries, together with practical, no-nonsense roadmaps toward compliance validation and certification:
- 23 NYCRR Part 500 (New York State Department of Financial Services Cybersecurity Regulation)
- HIPAA Security and Privacy Rules, and OCR audit readiness
- PCI DSS audit readiness
- ISO/IEC 27001
- GDPR and national personal data privacy regulations