Why Should You Care About Your Compliance Posture?

Findings explains why businesses should care about their compliance postures.

In general, compliance means following rules made by an authority body. In practice, it means creating a program that has security controls in place to protect the confidentiality, integrity and availability of data.

Your business and customer data is valuable to cybercriminals who may use it for malicious reasons or personal gain. They could be acting on behalf of the state or an aggressive competitor interested in your trade secrets, technical data or internal communications. Or they may be motivated by money, which they make by selling your customers’ data on the dark web or holding it for ransom. 

Why is Regulatory Compliance Important?

The risk of non-compliance with cybersecurity regulations is too big to take lightly. PCI DSS breaches cost companies a minimum of $5,000 and a maximum of $100,000 per month in fines. Fines per HIPAA violation range from $100 to $50,000. If you do business in California, the state’s data privacy law – the California Consumer Privacy Act (CCPA) – will apply to you provided you handle more than 50,000 consumers’ data or have an annual gross revenue of at least $25 million. Under the law, you could be fined up to $7,500 for sharing or processing certain types of employee information without their consent.

Harsh punitive action apart, the bad publicity that accompanies data breaches can create a trust deficit among customers and make your competitors suddenly look a lot more attractive than you. Intentional or unintentional exposure of your employees’ information due to ineffective controls or training may also cause them distress. 

What Goes Into Maintaining a Strong Compliance Posture?

You’d have to create strong defensive measures for all the places where your data lives, such as systems, networks, smart devices, routers and the cloud. Here’s where industry standards and government regulations on cybersecurity come in. While there are many, not all may apply to your industry. So, the first step in creating a strong compliance posture is to identify the cybersecurity regulations you need to comply with and the cybersecurity frameworks you can adopt to reduce your cybersecurity risk. 

You’ll then have to appoint a person to manage your cybersecurity program and stay updated with compliance requirements. Large organizations have Chief Information Security Officers (CISOs), but in a medium-sized or small company, the IT Manager, CTO or COO performs this role, usually in consultation with a cybersecurity company. 

The individual is in charge of assessing risks and vulnerabilities, and implementing technical controls based on applicable cybersecurity regulations or a cybersecurity framework (e.g. NIST, ISO/IEC 27001 or PCI DSS), with added technical controls to meet those regulations. They will also be responsible for implementing, in collaboration with other leaders, non-technical controls such as cybersecurity policies, procedures, audits and training, which are equally important to compliance.

Cybersecurity requirements change. New threats emerge. The controls you have now may not stack up against new laws and evolving threats. Regularly assessing your security controls is necessary to identify security gaps due to any new risks that have emerged and enforce changes required to continue maintaining a robust compliance posture. If things appear complicated, a cybersecurity company or attorney specializing in cybersecurity compliance will prove to be a valuable ally by providing clarity on laws and recommendations on risk management.

How to: Stop Creating a Tedious Sales Cycle

Findings.co shares what IT leaders can do to save their sales teams from tedious sales cycles

Concerned about the time and effort required to close your B2B sales cycle?

There’s no doubt that B2B sales cycles are getting longer and more complex. According to a recent study, 68 percent of B2B customers say the buying cycle has lengthened, with the average time taken to close a deal being 4 to 6 months.

On average, only 47 percent of sales deals are closed across industries, while in the software sector, only 22 percent of deals are closed.

Multiple factors impact your sales cycle, from the time and effort involved in finding prospects and scheduling a demo to conducting compliance due diligence.

Let’s look at the problem (tedious sales cycle) and the smart solution:

The problem: Tedious sales cycles

A typical sales cycle involves multiple steps:

- Finding new leads and qualifying them
- Setting up the first appointment or a demo
- Discovery work and due diligence
- Exchanging ideas and proposals
- Presenting a proposal
- Closing the sale

SDRs, on average, make 52 cold calls each day while a third of SDRs spend about 20 to 23 percent of their time on discovery meetings.

What’s more, an SDR spends only 35.2 percent of their time actively selling, with the rest of the time spent on prospect research and non-selling activities.

This means that a company spends about $50,000 per sales rep, per year (taking USD $81,000 as the average pay for a sales rep in the US) on prospect research alone.

Another factor that contributes to the complexity is the compliance due diligence process which can take anywhere from weeks to months.

Regulatory compliance, however, is vital to protect your business against numerous financial, legal, and reputation-related risks.

Why regulatory compliance is vital

According to an estimate, cybercrime costs are expected to reach USD $10.5 trillion annually by 2025. As the number of cyberattacks increases, so do the regulations designed to protect against them. 

The most recent regulation is the proposed IoT cybersecurity law in the EU. If this bill is cleared, noncompliance with cybersecurity requirements can potentially cost IoT manufacturers a whopping €15 million.

How can non-compliance with cybersecurity laws affect your sales cycles and contracts? For starters, it can affect the value of the deal in addition to impacting the sales win and business reputation.

A case in point is the acquisition proposal of Yahoo! Inc. by Verizon Communications. While the original proposed price was USD $4.83 billion, the price was cut down to $350 million after seven months. The reason? Verizon discovered undisclosed data breaches at Yahoo! while conducting cyber due diligence.

The Solution: Automate compliance due diligence

Because of the ever-changing regulatory landscape, most companies struggle to keep up with the constant changes.

Automating the process can help speed up the sales cycle and make it more efficient. At Findings.co, we have built a smart tool that automates your compliance due diligence to reduce time, improve accuracy, and improve sales win rates.

An automated risk assessment tool captures the threats and vulnerabilities of potential contractors while including recommendations for risk mitigation.

Built-in response automation ensures a quick turnaround time for responding to security incidents and a quicker containment of incidents. With these features, organizations can improve their overall security posture and accelerate compliance due diligence, setting up a win-win situation for the parties involved in the contract.
