The Role of Regulation in Cyber Resilience

Jim Hall: I'm not a big fan of regulation, which is starting to drive behavior in the organization. He says it's moving us away from taking a much more holistic, resilient view down the road that says, well, if all else fails, at least we've been compliant. If you go exclusively to one or the other, he says, you never achieve resilience for the enterprise.Hall: For true cyber resilience, you have to be investing in adjustments to your control capability and control maturity based on how threat actors are changing their tactics.