Companies face a growing number of regulations that they say offer sufficient protection but are difficult to satisfy.
Companies face a growing number of regulations that they say offer sufficient protection but are difficult to satisfy.

When Lester Holt posed a question about cybersecurity to presidential candidates former Secretary of State Hillary Clinton and Republican nominee Donald J. Trump during the first presidential debate, it underscored findings in a new Bay Dynamics report that cybersecurity has grown in importance.

While he didn't think that either Clinton or Trump “did a very good job” answering, that fact the “question was asked is a sign of the times” that cyber has been elevated, Bay Dynamics co-founder and CTO Ryan Stolte told SCMagazine.com, something that the company's newly released survey of corporate board members underscored.

According to “What's Driving Boards of Directors to Make Cyber Security a Top Priority?,” conducted by Osterman Research and which sought to determine just how regard for cybersecurity has changed and why, 30 percent of board members surveyed now give cyber high priority, compared to just seven percent in 2014.

The top driver is compliance to regulation with the report showing an 11-fold increase from 2014 in the number of organizations pointing to increased government regulation driving their cyber efforts.

“There's been a huge uptick in regulations and government framework that hold people accountable” regarding risk, Stolte said.

The results also show that coming into accordance with regulations and regulatory frameworks like that from the National Institute of Standards and Technology (NIST) has grown more difficult. Almost 60 percent of those surveyed rated regulatory mandates as somewhat or very difficult to meet. That's a nearly 20 percent increase from 2014

NIST is more of a given these days. “They're making an assumption that the NIST framework will [evolve] into regulation,” he said.

They also believe that regulation helps them protect corporate assets – nearly half called those regulations very sufficient.

“People at the board level think regulation is good,” he said. “It's a positive sign that they take cyber seriously and respect regulation.”

It's also “validation that people are having a mental shift,” said Stolte. “All that says we're making the right move to educate them and they're taking it seriously.”