CHAPTER THREE

Cyber Compliance: The Compliance-Centric Approach

The knock-on effect of a data breach can be devastating for a company. When customers start taking their business—and their money—elsewhere, that can be a real body blow.

—Christopher Graham

INTRODUCTION

The first chapter established a cybersecurity strategy, and the second outlined how organizations can adopt the cyber value precept to frame cyber risk management in business terms (dollars). This chapter focuses on how the BOD and C-LEs can ascertain cyber compliance with the established rules, regulations, laws, and policies. Noncompliance can bring about a fatally defective state of affairs for any organization. Once the precepts in the previous chapters have been adopted, they ensure proactive cybersecurity and ensure that cyber risk management controls are implemented for critical assets; adding a precept for compliance with laws, regulations, privacy requirements, and industry-specific standards matures the organization's cybersecurity posture to the next level. The BOD and C-LEs must understand the need to innovate and to protect the critical data of their customers, employees, and business partners, a task that is increasingly challenging in this era of cyber-attacks. Achieving cyber compliance outcomes does not happen by chance. It requires a thoughtful, focused approach. Because cyber compliance is so diverse, it demands an interdisciplinary systems-engineering approach.

Cyber compliance remains imperative for the BOD and C-LEs ...

Get Executive's Guide to Cyber Risk now with the O’Reilly learning platform.
