News

The Regulators aren't the Enemy

The Regulators aren't the Enemy

We recently did a piece in Arkansas Business on the changing state of business regulations at the U.S. federal level. The new administration has expressed a ravenous desire to cut regulations and government oversight. We've already seen cuts to the Cybersecurity and Infrastructure Security Agency (CISA), which does not have any regulatory authority over anyone outside the Executive Branch.

It's unfortunate because this agency was started during the first Trump administration and has done great work at not only securing the federal government, but also providing cyber expertise right here in Arkansas. We have great "boots on the ground" CISA experts in Little Rock and Bentonville working with companies across the state.

One thing we worry about, though, is that small and mid-sized business owners and decision makers will see these cuts as a signal that they can reduce or eliminate their cybersecurity programs. While we don't like regulatory compliance any more than you, the regulations aren't the enemy. The cyber threat actors are.

If you take this as an opportunity to reshape your cybersecurity strategy to one that more fits your business goals and desired outcomes, good on you. That's exactly what you should do. Let's drop some of those one-size-fits-all requirements and pick up things that give you a better ROI. We prefer to work with clients who don't have rigid compliance requirements but have an appetite for protecting themselves and their clients. We get to build on what we've learned at other companies, large and small, and top it off with custom provisions specific to your company.

If the recent and forecast changes are making you salivate at the money you'll save when you dump your entire cybersecurity program, I hope you've enjoyed being a business owner. Those days may be coming to an end. We've seen many businesses go under who didn't or couldn't take adequate protective measures. It's never a pretty sight for anyone involved.

Imagine owning a home where you never fixed gas leaks, repaired faulty electric sockets, locked doors, or closed windows. Would you be surprised if you came home one day and it had burned to the ground or you found it gutted of all valuables?

If you are still thinking of your cybersecurity program as boxes to check rather than risks to manage, please give us a call. We'd love to help you reshape your program into one that has an effect beyond just appeasing regulators.