- IO research shows 87% of UK cybersecurity managers doubt the credibility of speed‑focused certification programs
- Rapid, automated compliance creates a false sense of security, with certifications like ISO 27001 not guaranteeing resilience
- Experts stress continuous monitoring and human oversight, as automated recommendations and evidence still need validation and interpretation
Speed-focused compliance programs could help businesses get cybersecurity certifications quicker, but security professionals are skeptical if the speed comes at the expense of actual business resilience.
This is according to new research from resilience specialists IO, which claims that 87% of senior cybersecurity managers in the UK believe the speed at which certification is achieved affects its credibility.
According to the report, compliance initiatives that are either heavily automated or compressed into short timeframes are creating a false sense of security. Certifications like ISO 27001 might help companies win contracts and maintain an image, but researchers are warning that certification alone does not guarantee actual operational resilience.
Gaps in security posture
“Organizations that focus on achieving certification as quickly as possible are at risk of leaving gaps in their security posture,” says Chris Newton-Smith, CEO of IO. “Certification can open doors to new contracts and demonstrate commitment to recognised standards but treating certification as the end goal rather than the outcome of establishing and embedding effective compliance is more often than not at the expense of long-term resilience. Businesses must treat compliance not as a tick-box exercise but an evolving, iterative, and business critical project.”
Polling 251 cybersecurity managers in the UK, IO found that 31% consider continuous controls monitoring as the strongest indicator of compliance resilience. At the same time, a fifth (21%) said certifications could reflect security controls at the time of an audit, but could soon after become obsolete.
IO also stressed the importance of human expertise in these programs. Almost half (45%) of the respondents said human involvement is still essential when evaluating if automated compliance recommendations are still relevant and accurate, and another third (33%) said complex regulations still need human interpretation.
Finally, 32% stressed the importance of human in validating compliance evidence generated by automated systems.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-2560-80.jpg
Source link
