- IO research shows 87% of UK cybersecurity managers doubt the credibility of speed-focused certification programs.
- Rapid, automated compliance creates a false sense of security, as certifications like ISO 27001 do not guarantee resilience.
- Experts emphasize continuous monitoring and human oversight, as automated recommendations and evidence still need validation and interpretation.
Compliance programs focused on speed could help companies obtain cybersecurity certifications more quickly, but security professionals are skeptical when speed comes at the expense of real business resilience.
This is according to new research from resilience specialists IO, which claims that 87% of senior cybersecurity managers in the UK believe that the speed at which a certification is achieved affects its credibility.
According to the report, compliance initiatives that are highly automated or compressed into short time frames are creating a false sense of security. Certifications like ISO 27001 could help companies win contracts and maintain an image, but researchers warn that certification alone does not guarantee real operational resilience.
Gaps in security posture
“Organizations that focus on achieving certification as quickly as possible risk leaving gaps in their security posture,” said Chris Newton-Smith, CEO of IO. “Certification can open doors to new contracts and demonstrate commitment to recognized standards, but treating certification as the end goal rather than the result of establishing and incorporating effective compliance is often at the expense of long-term resilience. Companies must treat compliance not as a box-ticking exercise, but as an evolutionary, iterative and business-critical project.”
Surveying 251 cybersecurity managers in the UK, IO found that 31% consider continuous monitoring of controls to be the strongest indicator of compliance resilience. At the same time, a fifth (21%) said certifications could reflect security controls at the time of an audit, but could become obsolete soon after.
IO also highlighted the importance of human experience in these programs. Nearly half (45%) of respondents said human involvement remains essential when evaluating whether automated compliance recommendations remain relevant and accurate, and another third (33%) said complex regulations still need human interpretation.
Finally, 32% highlighted the importance of humans in validating compliance evidence generated by automated systems.





