Nothing stands still in cybersecurity—and that includes compliance. Just as new threats drive the need for new deterrents, new technologies and evolving business practices drive the need for greater oversight.
Over the last few years, compliance, regulation and governance have begun evolving faster than we have seen for some time. This has been in response to rapid changes we’ve seen ripple across industries caused by new technologies, like artificial intelligence (AI) and machine learning, and new ways of doing business launched in response to the pandemic.
In this blog, we explore what has changed within the world of compliance over the last few years and where things are likely heading.
On compliance trends
Like many industries, compliance and regulation tend to follow market trends. If we go back a few years, we saw a raft of privacy legislation introduced in the wake of the European Union’s introduction of the General Data Protection Regulation (GDPR).
High profile events also tend to shift the attitudes of regulators. For example, financial services companies found themselves in the spotlight following the 2008 economic crash, while the auto industry faced similar scrutiny after the emissions scandal.
During these times, regulators tend to turn their attention to enforcement, and they are willing to make an example of a company if that’s what’s needed to improve things. Over the years, many regulators have become much more aggressive in this area, expanding their scope and proactively applying their rules.
Of course, technology drives regulatory change, too. The pandemic has recently accelerated the mass adoption of collaborative technologies and communication channels like Microsoft Teams, Zoom, Slack and many more. The availability and advancement of these channels have changed how we communicate and how we access and share data, both inside and outside of our organizations. In turn, compliance requirements have had to adapt to accommodate new ways of working.
On AI and ML compliance
Over the last two or three years, we have seen exciting advances in generative AI. But it has also made possible some fundamental capabilities that will become incredibly important.
For example, in a world with so many claims of fake news and misrepresentation, the ability to retain immutable records is a big deal. “Immutable” effectively means that something cannot be changed and cannot be hacked. This is huge not just from a source of truth perspective but also regarding reproducibility. As we use AI tools en masse, questions will be asked about why specific systems are making certain decisions.
Is AI discriminating against specific ZIP codes, for example? And if not, can those in charge of these systems prove that? In many cases, doing so will take work. AI could be better at explaining how it gets to its decisions. In order to do so, businesses will need to return to the original, immutable data. And as they become increasingly information-intensive, getting back to that source data sets a high bar of capability.
AI’s ability to process vast data sets will also raise concerns around testing. Before any organization puts a system or platform into the world, potential users want to be confident that it has been suitably tested. But even if a company spends millions of dollars testing a system, it will still sometimes fail—and errors will get through.
In the past, we could accept a failure rate of, say, one in a million. But today’s software is much more complex than anything we’ve been able to produce in the past. So, a one-in-a-million failure rate in a system running 100, 200 or 300 million events in a day quickly adds up to widespread failures.
Regulators will need to iron out how they intend to protect consumers and the markets from issues like these and set clear guidelines regarding who, ultimately, is accountable.
On the future of compliance
Current trends are likely to continue to drive the development of compliance management. Currently, we’re seeing a lot of instability. While the worst of the pandemic disruption is behind us, we still regularly see supply chain issues, high inflation, and labor and material shortages, to name a few.
There is also political uncertainty. There is the Russia-Ukraine war. The global political sphere is as polarized as it has been for a long time. We are seeing freak weather events, and issues around air and water pollution. Concern is growing around AI. The list goes on.
Whatever is driving it, regulators do not like uncertainty and instability. They are focused on common goals such as fairness, protecting consumers and protecting the markets. In times like these, we can expect to see regulations designed to deter organizations from taking risks, economic or otherwise.
With so many factors at play that could potentially impact industries and disrupt markets, regulators want to ensure that irresponsibility and recklessness aren’t among them.
To learn more about what has changed within the world of compliance over the last few years, and where things are likely heading, listen to the Proofpoint podcast, The Future of Compliance: AI, COVID and the Changing Landscape.
Subscribe to the Proofpoint Blog