Many organizations plan to align their risk and compliance program around the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). The framework, introduced several years ago, is quickly becoming one of the world’s de facto security standards, yet organizations are struggling to implement it.
Some of the struggle stems from not having an overarching automated risk and compliance program in place. Many organizations still rely on manual processes and manage separate data silos. Therefore, they can’t confidently and rapidly respond to security incidents.
More than 500 risk and compliance leaders registered for an Rsam webinar last week to learn more about this important topic. A survey of the webinar attendees highlights key challenges:
- 87% said they plan to incorporate NIST CSF into their risk and compliance strategy
- More than 50% of respondents felt they weren’t able to satisfactorily report on their corporate alignment to NIST CSF
- 60% said they weren’t able to take timely actions derived from NIST CSF findings
- Asked to rate how much of their cybersecurity program they’re able to automate on a scale of 1 to 10, with 1 being manual and 10 being fully automated, only 8% rated their automation above a 6.
Listen to an on-demand version of the webinar here.