- IO research shows that 87% of UK cybersecurity leaders doubt the credibility of speed-focused certification schemes.
- Rapid, automated compliance creates a false sense of security, with certifications like ISO 27001 not guaranteeing resilience.
- Experts emphasize continuous monitoring and human oversight because automated recommendations and evidence still need to be validated and interpreted.
Compliance programs focused on speed could help companies achieve cybersecurity certifications more quickly, but security professionals are skeptical when that speed comes at the expense of actual business resilience.
That’s according to new research from resilience specialists IO, which claims 87% of UK cybersecurity managers believe the speed with which certification is achieved affects its credibility.
According to the report, compliance initiatives that are either heavily automated or squeezed into short time frames create a false sense of security. Certifications like ISO 27001 could help companies win contracts and maintain their image, but researchers warn that certification alone does not guarantee real operational resilience.
Gaps in security posture
“Organizations that strive to achieve certification as quickly as possible risk leaving gaps in their security posture,” says Chris Newton-Smith, CEO of IO. “Certification can open the door to new business and demonstrate a commitment to recognized standards, but treating certification as an end goal rather than the result of establishing and embedding effective compliance is most often at the expense of long-term resilience. Companies must view compliance not as a box-ticking exercise but as an evolving, iterative, business-critical project.”
Surveying 251 UK cybersecurity leaders, IO found that 31% view continuous monitoring of controls as the strongest indicator of compliance resilience. Meanwhile, a fifth (21%) said certifications might reflect security controls at the time of an audit, but could become outdated shortly after.
IO also emphasized the importance of human expertise in these programs. Nearly half (45%) of respondents said human involvement remains essential to assess whether automated compliance recommendations are still relevant and accurate, and another third (33%) said complex regulations still require human interpretation.
Finally, 32% highlighted the importance of humans in validating proof of compliance generated by automated systems.





