Looking Ahead: Compliance Trends and Predictions For 2023

Zoe Macdonald
Content Writer

The consequences of non-compliance can be devastating.

In 2023, businesses have more to fear than just the formal penalties issued by regulatory or legislative entities. With cybercrime rates at a seemingly all-time high, and even once-trusted cybersecurity companies proving susceptible to breaches, organizations are on high alert.

Failing to comply is more than just a compliance issue or an unchecked box. It can represent an unchecked vulnerability that may give way to a data breach that will have your brand name on consumers’ lips for all the wrong reasons.

That’s why we invited two compliance and security experts to speak on the future and state of compliance. Here’s a short recap of the conversation moderated by Gerald Kasulis, VP of business operations at Nord Security, with:

  • Deena Swatzie, SVP, Cyber Security Strategy and Digital Innovation at Truist,

  • Joy Bryan, GRC/Privacy Technology Analyst, RNSC Technologies, LLC.

Kasulis asked the panelists astute questions about the implications of adopting tech powered by AI, the current corporate climate, and how businesses can prioritize compliance on a shoestring budget.

Watch the webinar recording in full, or keep reading for the key takeaways that will help kickstart or support your compliance agenda this year.

Increasingly savvy consumers will hold businesses accountable

When data breaches happen, usually it’s the consumers who suffer. The consequences range in severity and kind, but whether major or minor, reputational or financial, a violation of one’s privacy through personal data exposure is never a welcome outcome.

As businesses become hyperaware of the likelihood of a data breach, consumers are equally tuned in.

Consumers are getting smarter in that [data privacy] space. They're going to expect more, they're going to hold companies accountable. And so that's why your compliance needs to be in place.

Joy Bryan

GRC/Privacy Technology Analyst at RNSC Technologies, LLC

Consumers are more likely than ever to want assurances that their personal data will be kept safe as concerns surrounding data privacy become more mainstream. They want to know how their information will be stored and what measures businesses are taking to protect it.

In today’s climate, trust is a linchpin of customer satisfaction. A recent survey revealed that 71% of consumers are unlikely to buy from a company that loses their trust — which is bad news for businesses that have suffered major breaches.

Meeting compliance standards and earning certifications can be a shorthand for establishing (or re-establishing) customers’ confidence: an independently audited certification attests that the business is following agreed-upon best practices in a verifiable way, rather than merely claiming to.

At the end of the day, the buck stops with the corporations that collect and store personal data. They will be held accountable for their (in)ability to protect the data they keep.

“Consider yourself as the consumer,” says Swatzie. She suggests that businesses should use the golden rule as a framework — treat consumer data as you would hope and expect yours to be treated.

Stakeholders will be more demanding on compliance initiatives

An increase in cyber risk has left business leaders on high alert for any weakness in their resilience and cyber defense strategies. That’s not a bad thing. Compliance professionals and those who have fought to prioritize security initiatives in the past will be much more likely to get the green light this year.

At the same time, this shift in focus will come with pressure to perform, and it may force difficult decisions amid competing priorities.

Cybercrime will continue to evolve in new and unexpected ways

Each day brings fresh opportunities for cybercriminals. As technologies and habits evolve, cybercrime is just as quick in keeping up. That means that as your workplace implements changes in 2023 it will also introduce new vulnerabilities. And remember that even the best security practices are susceptible to exploitation.

One example is the technique called MFA Fatigue or MFA Bombing, which rose significantly in popularity over the past year. An attacker who already holds a victim’s valid password “spams” the victim’s device with push-notification authentication requests and counts on confusion, frustration, or haste to make the user eventually tap Approve on one of them, which defeats push-based multi-factor authentication. Defences include number matching (the login screen shows a code the user must type into the authenticator app, so a blind approval no longer works), rate-limiting push prompts per account, and alerting on bursts of denied prompts.
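The “alert on bursts of denied prompts” defence can be illustrated with a small detector. This is an added example and not code from the webinar or from NordPass; the log format and the sample lines are constructed for the illustration, and the threshold and window are assumptions a real deployment would tune.

```python
"""Flag MFA-fatigue (push bombing) bursts in authentication logs.

Added example; the space-separated log format below is constructed for
illustration and is not any vendor's format. Each line carries an ISO
timestamp, a username, an event name and the source IP of the login.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: bob logs in normally; alice receives a burst of
# push prompts from one unfamiliar IP, denies several, then approves one.
SAMPLE_LOG = """\
2023-02-01T08:00:05Z bob mfa_push_sent 10.0.0.12
2023-02-01T08:00:09Z bob mfa_push_approved 10.0.0.12
2023-02-01T22:14:01Z alice mfa_push_sent 203.0.113.7
2023-02-01T22:14:02Z alice mfa_push_denied 203.0.113.7
2023-02-01T22:14:30Z alice mfa_push_sent 203.0.113.7
2023-02-01T22:14:33Z alice mfa_push_denied 203.0.113.7
2023-02-01T22:15:10Z alice mfa_push_sent 203.0.113.7
2023-02-01T22:15:12Z alice mfa_push_denied 203.0.113.7
2023-02-01T22:15:40Z alice mfa_push_sent 203.0.113.7
2023-02-01T22:15:41Z alice mfa_push_denied 203.0.113.7
2023-02-01T22:16:20Z alice mfa_push_sent 203.0.113.7
2023-02-01T22:16:27Z alice mfa_push_approved 203.0.113.7
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, user, event, ip)."""
    ts, user, event, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, ip


def detect_mfa_fatigue(log_text, threshold=4, window=timedelta(minutes=5)):
    """Return one alert per user who receives `threshold` or more push
    prompts inside a sliding `window` (assumed values, tune per site).

    The alert also records whether the user approved a prompt after the
    burst began, which is the outcome the attacker is hoping for and the
    case that should be escalated first.
    """
    sent = defaultdict(deque)  # user -> timestamps of recent push prompts
    open_alerts = {}           # user -> alert dict once a burst is detected
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, user, event, ip = parse_line(raw)
        if event == "mfa_push_sent":
            recent = sent[user]
            recent.append(ts)
            # Drop prompts older than the window so the count is a true burst.
            while recent and ts - recent[0] > window:
                recent.popleft()
            if user in open_alerts:
                open_alerts[user]["prompts"] = len(recent)
            elif len(recent) >= threshold:
                alert = {"user": user, "source_ip": ip,
                         "prompts": len(recent), "approved": False}
                open_alerts[user] = alert
                alerts.append(alert)
        elif event == "mfa_push_approved" and user in open_alerts:
            # An approval inside a burst is the signature of a successful
            # fatigue attack; the session should be treated as compromised.
            open_alerts[user]["approved"] = True
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert)
```

On the constructed sample the detector raises a single alert for alice (five prompts within a few minutes, ending in an approval) and nothing for bob. In production the same logic would run over the identity provider’s sign-in logs, and the `approved` flag is what separates a noisy but failed attempt from one that needs the session revoked and the password reset.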

With cybercrime, the following cliche holds true: the only constant is change.

AI tools will become invaluable but add complexity

ChatGPT’s release in Q4 of 2022 seems to have marked the beginning of much more accessible AI. The sophisticated, humanlike dialogue of this call-and-response tool has already inspired a number of use cases in a corporate context.

Experts predict that this is merely the tip of the iceberg, suggesting that 2023 will bring many new tools that use automation in unforeseen ways. And while office workers are right to hop on board, they should also be wary that untested tools can bring outsized cyber risk.

Legislative compliance will be more aggressively enforced

As more data privacy laws are passed around the world, including in the United States, the enforcement of existing legislation is expected to ramp up. The number of GDPR fines issued, for instance, has increased year after year. It is unlikely that this year will be an exception.

Accordingly, businesses should not expect an informal grace period once these laws come into force. The webinar panelists pointed out that some penalties may even have retroactive application, warning businesses against complacency.

How can businesses meet these compliance challenges?

Here’s what the panelists recommended in order to prepare for the dynamic and developing compliance landscape of 2023.

Prioritize third-party vetting

Amid new challenges, Bryan and Swatzie stressed the importance of the fundamentals. Both panelists agreed that third-party management should be a key focus for 2023.

Swatzie said that third-party relationships have been a blind spot in the past, with real consequences, so prudent businesses should be expected to keep a close eye on relationship management.

At least make sure that whatever third party you're working with … that they are concerned about [data security compliance] and that they have some controls in place.

Deena Swatzie

SVP, Cyber Security Strategy and Digital Innovation at Truist

Adopt tools that serve multiple functions

Even when we talk about talent and the workforce, everyone's immediate response is ‘we need more resources.’ You don't always necessarily need more resources.

Deena Swatzie

SVP, Cyber Security Strategy and Digital Innovation at Truist

Swatzie explained that it’s important to understand what exactly is required to meet compliance standards so that you can balance what you have with what you need. Here, collaboration between teams is key. Security and compliance initiatives will overlap.

Both experts agree that it’s best to start by looking at in-house tech and talent before making an investment. And on the occasion when you do require an additional resource, like software, be sure that you’re adopting tools that serve multiple functions.

I think that whatever platforms and technologies are implemented should have a collaborative feel — where you're tackling multiple things at once.

Joy Bryan

GRC/Privacy Technology Analyst at RNSC Technologies, LLC

NordPass Business, for instance, delivers more than password management. You also get a data breach scanner, password health metrics, a detailed activity log, company-wide advanced security settings, and multi-factor authentication.

On the topic of breaches, NordPass’ zero-knowledge architecture means that vault items are encrypted on your devices with a key derived from your master password, so only you hold the key to your business credentials. In the unlikely event of a breach at NordPass, your private information would remain encrypted and out of reach to cybercriminals. The practical caveat of any zero-knowledge design is that its protection is only as strong as the master password guarding the key, so that password should be long, unique, and never reused.

New investments in tech solutions should add value to what many teams are likely to prioritize the most: workflow efficiency. Consider how and whether security and compliance tools speak to that need.

Get into the nitty-gritty. Take the time to consider your existing and prospective tools’ full scope to avoid overinvesting in overlapping functions.

According to Swatzie, “Privacy is everybody's responsibility. Security is everybody's responsibility. Compliance is everyone's responsibility.” For that reason, it’s important not to take buy-in for granted with a top-down approach.

Ask yourself: will my team be open to adopting this policy or software? Does it promote or detract from their respective top priorities?

Adopt artificial intelligence tools — with caution

On the topic of new tech, the experts suggest approaching new AI tools with caution. Bryan suggests, “if we're using these tools they can't just be the only tool,” stressing that it’s important to hedge your business’ reliance on automation tools with the appropriate checks and balances.

As always, new tools and technology will outpace compliance standards, putting the onus on compliance and security professionals to appropriately manage the risk of adoption:

[AI tools] will be a challenge in compliance because it's going to be hard to keep up with the frequency of these changes and these tools that start to come out.

Joy Bryan

GRC/Privacy Technology Analyst at RNSC Technologies, LLC

Swatzie agrees, suggesting that while members of your team may get carried away with the tools’ “bells and whistles,” you should closely evaluate each tool’s privacy policy and how it handles the data you feed it.

Tools are great, they help to streamline processes and make things more efficient. You definitely need that but at the same time you've got to look at what's going on with the data in these tools and how it is being secured.

Deena Swatzie

SVP, Cyber Security Strategy and Digital Innovation at Truist

Be as proactive as possible

If we had to summarize the experts’ advice in just two words: be proactive. Specifically, on the topic of lessons learned from a turbulent 2022:

I would hope that in terms of lessons learned, it allows businesses to be a little bit more proactive in their approach and in their strategies.

Joy Bryan

GRC/Privacy Technology Analyst at RNSC Technologies, LLC

If your compliance and security strategy is only reactive, then it shows a lack of forward-thinking, meaning you’re likely to be continuously caught off guard and lagging behind. Swatzie suggests that compliance professionals and business leaders “put on their auditor hat.”

I'm used to being heavily regulated and audited so I've learned enough from the auditors to know exactly what they're going to ask me before they ask me. So going back to what Joy said earlier, be as proactive as possible.

Deena Swatzie

SVP, Cyber Security Strategy and Digital Innovation at Truist

Where possible, brace your business for what’s likely to come down the compliance pipeline by studying the standards themselves. With an intimate understanding of the “spirit of the law” you should be able to intuit what’s next and prepare accordingly.

That being said, it’s not a lack of motivation that leaves security and compliance professionals in a reactive position. When it comes to cyber incidents, board and senior leadership members sometimes struggle to see prevention as the cure — waiting until after an event has occurred to implement more stringent security measures.

To learn more about how to get buy-in from colleagues and management before the fact, read our guide on how to campaign internally for cybersecurity.

Summary

In 2023, pressure on compliance initiatives will seem to come from all angles. Consumers and stakeholders will demand more, and legislative and regulatory standards themselves will tighten, amid an increasingly risky cyber landscape.

In response, businesses and compliance professionals should not act too hastily, quickly acquiring new resources to fill the gap. Instead, the experts recommend a focus on the fundamentals. Both business partners and tools should be carefully vetted before they’re adopted to bring your business up to speed on the latest standards.

Ultimately, the goal should be to move from a reactive to a proactive approach to your compliance strategy, anticipating what is coming down the road so that you’re prepared when it arrives.

Want to learn more about regulatory compliance and how NordPass Business can help? Read on.
