By Kristina Jarusevičiūtė writer at Cybernews – 15 February 2022
As data breaches become a common occurrence, ensuring sensitive information is protected according to up-to-date regulations is more important than ever.
With so many compliance requirements nowadays, keeping up with new laws and regulations is no small feat for organizations. No matter how complex and time-consuming the process might be, failing to ensure compliance can result in more devastating consequences than just having to pay a fine.
To discuss why maintaining compliance is no longer just a recommendation, but a requirement, we sat down with Olivier Guillo, the CEO and Founder of Smart Global Governance.
Can you tell us about the story behind Smart Global Governance? How did this project come about ?
Smart Global Governance was born out of the founder’s frustration with making sure his AI company became – and stayed – GDPR certified.
As Olivier Guillo worked on that task, he realized there are many regulations – from ISO standards to country-specific privacy law variations – that companies need a better way of tracking. Many laws involve how and where data is stored.
What started as a solution for maintaining GDPR compliance has evolved to 170 different frameworks addressing nine risks organizations face, including third-party risk management, internal audits, and data risk.
Governance, risk, and compliance challenges are increasingly complex and rapidly evolving. It is more difficult to control all compliance requirements. The processes are becoming more time-consuming, operating costs are rising sharply and the risks of missing important steps in implementing compliance are increasing.
With this in mind, the founders of Smart Global Governance decided in 2019 to pool their know-how in new technologies (internet, big data, blockchain, artificial intelligence) acquired over the past 25 years in order to reimagine the collaboration between Humans and Technology, at the service of economic actors.
Today, Smart Global Governance publishes a platform for Integrated Risk Management that allows you to have more time to devote to essential subjects and really make a difference.
You take great pride in your Integrated Risk Management platform. Can you tell us more about its features ?
Smart Global Governance’s Integrated Risk Management is a Pragmatic, intuitive, modular solution that helps organizations of all sizes and verticals to create added value, increase efficiency, save time and get global, immediate visibility on all organizational risks with the ability to get siloed software to communicate with each other.
Smart Global Governance’s Integrated Risk Management offers :
- Orchestration of teamwork and information from existing software and information systems to be up to date all the time
- Identification of areas of governance with capacity gaps
- Gradual increase in capacity
- Progressive mitigation of gaps with 1 to 9 addon modules
- 55,000 pre-identified processes
- Over 170 standards and regulations
- More than 10,000 controls
- Governance posture overview, updated in real-time
Smart Global Governance’s Integrated Risk Management platform provides a vertically and horizontally integrated view of risk – starting with an organization’s strategy, business operations, and ultimately the activation of technology assets – through a range of complementary modules, and cross-functional integration of different risk categories to enable a holistic view and to be deployed progressively by USE CASE as needed :
All modules are collaborative, ready to use, and customizable. The Smart Global Governance solution has an open architecture :
Besides providing a risk management solution, you also have a Scientific committee. What are the main goals and areas of focus of this team ?
Smart Scientific Committee is made up of 8 independent world-class experts in compliance, risk management, and governance. It is chaired by Philippe Montigny – President of the International Research Center on Compliance, Ethics, and Finance (CIRCE Finance).
Its objective is to provide Smart Global Governance with advice on emerging issues related to these areas and also to :
- Identify and assess how digital risk management processes can improve risk prevention and promote overall compliance effectiveness in organizations.
- Share forward-looking views on social, technological, organizational, managerial, or regulatory developments in the compliance domain and the potential opportunities for digital solutions to help address them.
It seems like the pandemic tested cybersecurity worldwide. What are the main takeaways ?
Be ready for the unpredictable because of business continuity planning.
Identify your risk globally based on the information retrieved from your integrated risk management platform.
What issues can a business run into if it doesn’t have appropriate compliance certifications in place ?
Compliance, like a good cybersecurity solution, is one of the most critical aspects of your business. Failing to consider compliance regulations, both on-premises and in the cloud, can turn out very costly.
Years ago, compliance was a “recommendation” for your business. It was a good thing to show that you were compliant with a certain security or data regulation, and this helped to make auditing and other processes easier.
In contrast with the state of affairs in 2020, there is now the very weighty and serious impact of non-compliance with legislation, especially for those companies that carry out business across multiple regions and countries including the European Union.
As an example, when considering the significant costs of non-compliance today, one needs to only look at costly regulatory requirements and fines levied by a General Data Protection Regulation (GDPR) violation.
With what GDPR defines as a “severe” violation listed in article 83(5), the total fines could amount to 20 million euros or 2% of its entire global turnover of the preceding fiscal year, whichever is higher. This is no trivial amount when thinking of multinational, global companies, with a global turnover in the millions or even billions.
Have companies been fined due to GDPR violations? Yes, in fact, they have.
Fines are only one aspect of the costs of non-compliance. The consequences of non-compliance are not limited to statutory or legal penalties – the indirect costs to a company are often more significant. These include the inconvenience and cost of righting a mistake, damage to the company’s reputation or credit rating, and even possible loss of contracts.
- Business disruption – any business activities that may be affected by compliance violation consequences or legal holds.
- Productivity losses – business productivity is generally impacted when compliance violations are levied against your business.
- Revenue losses – revenue can certainly be impacted by regulatory violations.
- Fines, penalties, and settlement costs – as shown previously can be significant.
- Reputation damage – negative media coverage of data mishandling which often leads to compliance violations, fines, etc., can also damage customer confidence. This results in lost revenue that can last for years.
- Security breaches – any security breaches resulting from non-compliance might lead to loss of critical business data. Cybercriminals often make money by selling this data. This is not something that businesses can afford while dealing with other aspects of non-compliance.
According to the True Cost of Compliance with Data Protection Regulations, a recent study sponsored by Globalscape and independently conducted by Ponemon Institute, there has been a 45% increase in non-compliance costs since 2011. The study was based on a survey of 53 multinational companies.
An average cost of non-compliance can range from $14 million to a maximum of almost $40 million based on statistics discovered by the same study.
Setting up a cyber security system can often be a lengthy and complicated process. Which features are often overlooked or forgotten about ?
Proper evaluation of the biggest external threats thanks to a systematic third-party risk management program.
Another one is compliance because every industry and organization – from healthcare to finance – has a unique set of regulations, standards, and best practices. Your cybersecurity platform should help your organization achieve, maintain, and prove compliance with whatever regulations are relevant to your industry and geographical location.
Why do you think certain organizations are not even aware of the risks they are exposed to ?
There are 3 barriers :
Technical : the main technical difficulties identified are project management and the unsuitability of tools because they are not adapted to multiple organizations with different legal and operational systems.
Human : with change management (reluctance of operational staff, obstacles to change, etc.), as well as the lack of time and availability of resources, then acculturation to compliance.
Organizational : availability of internal players, motivation of stakeholders and operational staff, need to optimize and rationalize processes or even reorganize.
In your opinion, what kind of attacks are we going to see more of in 2022 ? How can individual users protect themselves online ?
Ransomware will continue to be the biggest threat. Educating users is key as well as a good cybersecurity program.
We must always be on guard and prepared for the worst. Cybercrime is rampant and the threats don’t discriminate. This year alone, four in five large international companies have been targeted by cybercriminals, meaning that nobody’s immune to the risk of a breach. Fortunately, there are ways we can protect ourselves against these risks: strong cybersecurity tools like antivirus software, firewalls, and intrusion detection systems. On top of that, it’s important to train employees so they’d understand data breaches and know how to avoid falling victim to them. The best approach is to not only adopt a comprehensive security approach to every level of the IT stack but also include all business processes in that approach.
And finally, what’s next for Smart Global Governance ?
We’ll continue implementing continuous monitoring features thanks to artificial intelligence.