Being compliant with laws and regulations is not a guarantee against data breaches
A new report [pdf] by Advisera underscores what security consultants have been telling their clients for years: compliance does not guarantee security. The two are closely related, however, as 85% of survey respondents agreed.
90% of respondents said that low security awareness among employees, due to a lack of relevant training, is among the most common causes of data breaches. Other commonly cited causes were the absence of a proper security program (75% agreed) and the absence of technical safeguards (70% agreed). Only a small majority (51%) agreed that compliance shortcomings were often linked to data breaches.