Jothy Rosenberg

expert panel

Data protection rules are tightening faster than most executive teams can update their playbooks. California has approved new regulations requiring risk assessments and cybersecurity audits for many businesses, and the SEC has rolled out new cybersecurity disclosure requirements that raise the stakes for boards and C-suites. Globally, companies face tightening scrutiny, and the penalties for missteps can be steep: GDPR violation fines exceeded €3 billion in the first half of 2025 alone. For business leaders already juggling digital transformation, AI adoption and sprawling data ecosystems, managing incoming (and ongoing) waves of cybersecurity rules and regulations can feel overwhelming. But the real danger isn’t just the number or complexity of new rules—it’s the blind spots leaders don’t realize they have. From siloed security and shadow IT to hidden vendor vulnerabilities, many organizations have all the warning signs of an incoming compliance headache. As experts in enterprise cybersecurity strategies and regulatory compliance, the members of the Senior Executive Cybersecurity Think Tank know where leaders most often overlook risk—and why regulators tend to focus on those areas after a breach. Below, three of them share what executives should prioritize now to stay compliant and resilient and avoid costly surprises down the line.