CISO Sean Atkinson on Moving From ‘GRC Theater’ to Continuous GRC Engineering

As NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said.

  • smeg
    1 day ago

    GRC has always been theater. Companies want to move faster than control operators can build and maintain, so there are inevitable gaps and shortcomings. And now with everyone feeding corporate data into AI platforms who are definitely not protecting the data, access controls are basically a moot point.