
Cybersecurity, risk and compliance: What’s in store for 2022?

By Lauren Kornutick
December 15, 2021

2021 heralded a year of record cyberattacks, with the Identity Theft Resource Center (ITRC) reporting that the number of data breaches publicly reported so far this year has already surpassed the total for 2020. With high-profile attacks hitting the headlines, from the SolarWinds breach and Colonial Pipeline shutdown to the CNA Financial attack, where one of the largest insurance companies in the United States paid a $40 million ransom so that it could continue to operate, risk and compliance have never been more important.

Ransomware and supply chain cyberattacks are becoming increasingly systematic, and organizations must have robustly developed, planned and tested risk and resilience frameworks in place. The stakes have been raised and there are no more excuses. There are no second chances. Organizations must adopt a holistic approach to resilience and be proactive in making all business decisions with resilience in mind.

As we reflect on this past year, it raises the question: what is in store for businesses and their risk and compliance strategies in 2022?

Greater focus on ESG and cybersecurity programs in risk modeling

The increase in cyberattacks has driven a more stringent underwriting process, which has led to the maturing of the cyber insurance market, with insurance companies demanding much more from organizations when it comes to risk mitigation. 2021 witnessed a high number of large-scale, devastating cyberattacks that rendered services inoperable, caused severe financial loss and left some users “uninsurable” because of poor cyber hygiene. In 2022, businesses can expect to experience a greater expectation of accountability in minimizing risk as underwriters have grown more aware of what kind of risk controls make effective cyber programs.

Organizations will need to prove to their cyber insurance provider that they have cyber processes and policies in place to prevent a breach. For example, cyber insurance underwriters now expect businesses to adopt multi-factor authentication within their information technology (IT) environment as well as an updated patch management program, air-gapped and encrypted backups and employee awareness and phishing simulations, among other strategies.

Users, employees and investors are increasingly holding companies accountable for their environmental, social and governance (ESG) practices around equality, diversity and climate change. Companies are expected to act morally and responsibly to support the broader objectives of not just their local community, but the wider world. Similar to cyber insurance, insurance companies have linked the strength of ESG programs to predictors for risk and placed increased scrutiny on these programs. At the same time, there is increased momentum around the role of ESG in financial disclosures. For instance, the House of Representatives in the United States recently passed legislation that, if signed into law, would require companies to report ESG metrics. In Europe, SFDR regulations continue to evolve. 

As we enter 2022, businesses will need to fully understand the ESG issues that affect their company and ensure that they embed them into their risk management and business operation framework. They will need to ensure ESG policies and procedures are integrated into their culture, systems and processes and be wholly transparent in their ESG approach through structured ESG reporting.

Risk and compliance are taking a primary role as change enablers

There’s no doubt about it — the game has changed when it comes to expectations that companies act responsibly and ethically to support society. It’s more than just a bottom line: stakeholders expect that companies understand their relationship with the world around them. The absence of a robust risk management framework that includes ESG, resiliency and strong cyber and compliance programs presents a serious risk to enterprise reputation, to the ability to attract and retain the best talent and users, and to market position as well.

While risk and compliance were once seen as the organization’s police, reacting to violations, misconduct or other wrongdoing, that is no longer the case. As we move into 2022, organizations will be focused on ensuring risk management and compliance are as central to their ethos as, for instance, superior customer service or employee wellbeing. Ethical behavior and decision-making programs will become increasingly common as leaders overhaul the traditional perception of compliance within the workplace and instill proper risk-related governance where risk and compliance are seen as real change enablers.

Risk and compliance teams within organizations are uniquely suited to work cross-functionally with others in the organization. Their teams have access to all stakeholders and business processes, and they are accustomed to building programs from gray or emerging topics and being effective with limited resources. Risk and compliance will continue in a business-enabling role where they can identify and create strategic opportunities to achieve business goals.

Regulators will also shift to examining the culture of compliance within the organization as part of sentencing guidelines or when determining fines, penalties etc. if wrongdoing occurred. Organizations must evidence that risk, resilience and compliance are woven into their values and that leadership is setting the appropriate tone from the top. They must demonstrate that they champion a culture of compliance, risk management and ethics and continue to improve this as the company and regulations evolve.

Organizational resilience takes center stage

Resilience is not just about overcoming a disruption or managing to operate in the face of multiple unexpected events outside of an organization’s control — it means so much more than that. Organizational resilience is about proactive organizational decision-making, and this involves incorporating the separate functions of governance, risk and compliance alongside other business functions into an organization's objectives.

Next year, we’ll see business leaders focus their attention on creating smarter, more resilient ecosystems. Third-party partnerships will be important to this too, with leaders placing third-party management at the center of strategic risk and operational planning and modeling.

Whilst reputational risk has always been a concern, it has been hugely amplified in the last 12 months. Leaders realize that if an incident does occur, they need to demonstrate that it is not a result of their organization’s culture or values. They need to do this to minimize any reputational damage that a data leak or cyberattack can cause.

Organizational resilience is not just something security leaders do once and it’s done, box ticked. It’s an ever-evolving process that does not occur overnight. Security professionals are all learning together about the appropriate approach to risk and resilience, and the journey is never really finished. It’s about creating a strong sense of organizational priorities and purpose, and mobilizing stakeholders — employees, investors, customers — to personify this and deliver a robust and relevant business model with risk and resilience at its core.

KEYWORDS: cyber attack losses cyber insurance data breach risk management risk mitigation third-party risk


Lauren Kornutick is the Solutions Manager, Compliance, at Fusion Risk Management. She has over 15 years of experience facilitating successful risk management and compliance strategic programs across several organizations. In her role, Kornutick advises Fusion’s product and executive leadership team on industry-wide best practices, compliance program development, sustainability and ESG frameworks and regulatory matters.
