One company that took the initiative to develop an affordable online cyber risk management solution for both IT professionals and non-IT decision-makers: Cybersecurity Compliance Corp

The move to cloud services and increase in global connectivity are driving increased awareness around cybersecurity. Cybercriminals are becoming more sophisticated, and with poorly configured systems, large enterprises and small businesses alike are exposed to data breaches and cyber-attacks like never before. Simply relying entirely on anti-virus solutions and firewalls is a thing of the past. Business leaders can no longer depend on legacy models for cybersecurity. Every level of the organization is a potential attack vector, and it is nearly inevitable that organizations will be the victim of a successful cyberattack and will lose personal data or intellectual property to cybercriminals. This area of risk is something that businesses cannot ignore, and it can cause the companies irreversible reputational damage if they haven’t taken the time to assess cyber readiness and resiliency across the organization and throughout the cybersecurity lifecycle.

To help business leaders in their cybersecurity endeavor, Cybersecurity Compliance Corp has come up with a path-breaking solution called Cybersecurity Pulse™, focused on assessing cyber risk across all functions within an organization. With the challenges around resources and general confusion in the cybersecurity space, combined with the incessant publication of successful cyberattacks, we believe now is the most important time to focus on updating your cybersecurity environments. Cybersecurity Pulse™ offers an online, self-serve, framework-based cybersecurity assessment, with integrated education and phishing campaigns with all results laid out on an easy to read dashboard. The assessment is dynamically updated, and scoring guidance is written in plain English, driving alignment and transparency throughout the organization. The dashboard provides non-IT executives and board members with a real-time view into the current cybersecurity status of their organization and allows IT management to establish a roadmap for future improvements.

Cybersecurity Compliance Corp was founded in 2018, and it is based in Ontario, Canada.

In conversation with Jeff Dawley, Founder and CEO of Cybersecurity Compliance Corp

Q. What motivated you to get into the cybersecurity industry?

In 2016, while working as the chief financial officer of a litigation lender operating in Canada, Barbados, Ireland, and the UK, I assumed responsibility for technology, in addition to existing oversight over global finance and European operations. One of my first questions to the technology team was, “how do we stand on cybersecurity?” The reactions ranged from shrugs to “We’re fine.” with little in the way of supporting documentation or framework-based checklist. After embarking on a self-education exercise for six months, it became clear that the shortage of resources in the industry, along with the confusing list of micro-credentials and individual solutions, was creating an environment where cybersecurity services were being priced out of the market for small to medium-sized enterprises, and the only solution was to develop a self-serve, online assessment that was based on globally-accepted frameworks, with easy to understand scoring to bring alignment across every organization with respect to their cybersecurity environment.

Q. When you are asked to speak at events, why do you highlight how traditional technology-based cybersecurity solutions are failing businesses today?

Unfortunately, this is one of those common areas of misunderstanding on the part of today’s non-IT decision makers. Many providers in the cybersecurity space focus on the technology or network component, leading businesses to feel secure because they have a firewall and anti-virus solution in place. Unfortunately, this is a false sense of safety. Cyber risk is no longer just an IT problem; it is the most significant business risk facing organizations today outside of the COVID-19 shutdown. The only appropriate starting point when addressing cybersecurity is to assess the overall environment, with input across the organization, and use the results of that assessment to generate a picture of the current cybersecurity posture and a roadmap for future improvements and budget allocation. Included in that plan will be opportunities to improve network security. However, we recommend looking at the entire target before deciding where to shoot first.

Q. Why is it so hard to get started with a cybersecurity program?

First, there is a global shortage of resources that has surpassed the three million mark and continues to grow. With a shortage of that magnitude, and larger companies snapping up resources to address what has become a key Board-level risk topic, there simply aren’t enough bodies to go around. Basic principles of supply and demand mean that the result has been a steady increase in the cost of consulting engagements, assuming you can find resources with any availability. Second, the industry has experienced an explosion of services and solutions, from anti-virus to threat risk assessments, from online education to incident-response, with dozens of micro-credentials available to would-be cybersecurity professionals. Combine all of that with the regular inflammatory news on cyberattacks, and you end up with decision-makers struggling to determine who they can trust, and what first step is the right first step.

Q. Do you have any new services ready to be launched?

During the COVID-19 shutdown, we compiled best practices from around the world regarding evaluating and improving cybersecurity for the remote workforce. While there is no published framework dedicated specifically to remote environments and home offices, we were able to create an assessment that allows internal or external IT support within an organization to push out a self-assessment to all remote resources, and then triage and remediate in priority based on the results. We have also been working with partners and early-adopters to bring online assessments and audit support services to financial institutions in Canada and energy companies in North America with the OSFI and NERC CIP frameworks, respectively, paired with evidence storage and management capabilities, all expected to be released by late-summer 2020.

Q. What do you think the future holds for Cybersecurity Compliance Corp.?

We are excited about some upcoming projects in the autonomous vehicle space and insurance industry. We have been monitoring progress in insurance, particularly around underwriting for cyber policies, and see an excellent opportunity to provide pre-event data to insurers, with changes in risk tracked in real-time as organizations work to remediate their gaps. Finally, with current discussions underway with partners in the US and UK, we believe there is a fantastic opportunity to take the concept of a standard, framework-based assessment to organizations around the world who are looking for a starting point in their cybersecurity journey or just looking to improve their current communication and decision-making processes.

Meet the leader behind the success of Cybersecurity Compliance Corp

Jeff Dawley is the Founder and CEO of Cybersecurity Compliance Corp. Before devoting his career to helping SMEs better understand their cybersecurity environment Jeff worked in finance and technology across a broad spectrum of Canadian and international organizations. Over 25 years Jeff has benefited from exploring many industries including financial services, mining, information processing, manufacturing and professional services. His career has seen him operate as a CFO for 10 years with both publicly listed and private companies, as well as 5 years as a CTO/CIO, responsible for all aspects of information management and technology. In 2018, Jeff co-founded Cybersecurity Compliance Corp. along with seasoned technology professional and business owner, Alex Ostritsky, to help businesses of all sizes address alignment and transparency issues in cybersecurity, focusing on globally-accepted frameworks and proprietary plain-English scoring.

“Take your Cybersecurity Pulse™ before unknown risk becomes real exposure.”