In today’s digital age, ensuring data security is crucial for organizations across all industries. 

The security landscape is rapidly evolving, presenting new challenges worldwide. Cyber threats are increasingly sophisticated, with social engineering attacks such as business email compromise (BEC) on the rise. 

A recent analysis shows a significant increase in pretexting incidents – the use of a fabricated story to gain a victim's trust and manipulate them into sharing sensitive information, downloading malware, sending money, or otherwise harming themselves or their organization – over the past six years, doubling in frequency and now accounting for more than 50% of social engineering attacks. 

High-profile data breaches at companies like AT&T, Change Healthcare, and MGM Resorts International highlight the pervasive threat of cyberattacks, resulting in financial losses, reputational damage, and legal ramifications. These threats underscore the need for robust security measures and a proactive approach to safeguarding information.

In the article, “Navigating the Complex Security Landscape: The Intersection of Security, Compliance, and Culture,” recently published in the winter 2025 issue of NewsAccount, COCPA Technology Users Group member Blaise Wabo makes a case for identifying an organizational data security strategy and cultivating a security culture – a collective mindset and set of practices within an organization that prioritize and promote security measures. 

Key components include:

• Executive leadership commitment: Top management prioritizing security
• Continuous education and training: Regular updates and training for employees
• Proactive risk assessments: Regular evaluations of potential threats
• Employee engagement programs: Initiatives to involve all employees in security practices

In the article, Wabo details the strategy for implementing a cybersecurity plan and security culture, and notes that navigating the intersection of compliance and security requires a holistic approach that prioritizes regulatory adherence and cultural transformation. 

“By integrating compliance initiatives with security culture objectives and fostering a collective mindset of security consciousness, organizations can build resilient defenses against the evolving threat landscape,” he writes.

To learn more about the intersection of security, compliance, and culture, including examples of data protection initiatives in the financial services, healthcare, e-commerce, and other sectors, read the full article in the winter 2025 issue of NewsAccount. 

Click here to learn more about the COCPA Technology Users Group, or contact Stacy Svendsen.