ARTICLE

Balancing Breakthroughs With Regulatory Responsibilities

05.16.2025
Eric Foss, Cybersecurity Research Engineer
No one wants to do what everyone else is doing, and no one wants to be told what to do. Certainly not in a competitive market. Standing out with innovation, by showing how much better you can do something than the rest, can bring in substantial income and clout and motivates customer loyalty…sometimes.As a cybersecurity research engineer, I have spent considerable time immersed in IEC standards, whose influence I have seen spread into the United States through acquisitions of utilities by foreign companies. While there might be some good arguments for ignoring industry requirements, whether regulatory or voluntary, I have also witnessed significant opportunities missed due to a lack of adherence to regulatory standards. To an extent, these standards cannot be ignored—and I would argue they shouldn’t be.This article will explore the delicate balance between compliance and innovation across various industries, with a focus on cybersecurity compliance. By examining real-world examples, such as Volkswagen’s emissions issue, Theranos’ regulatory challenges, and Boeing’s 737 MAX situation, we will illustrate the significant consequences of not meeting industry requirements. By analyzing these cases, we can gain valuable insights on how to manage regulatory responsibilities while encouraging innovation.The Importance of Adherence to StandardsWhy are standards important? In the context of industrial control systems, IEC 62351-8 and -9 provide effective guidelines for secure access control. These standards are voluntary and describe best practices; however, lack of certification or adherence to these standards can lead to barriers in B2B relations and reputational damage. Regulations like the NERC CIP cybersecurity standards, which aim to ensure the reliability, safety, and efficiency of power systems, are legally binding. Noncompliance can result in penalties such as operational restrictions and fines. Industries can also be bound by laws; for example, NIS2 in the European Union aims to enhance cybersecurity across various sectors, including power systems, and requires the implementation of measures to protect critical infrastructure from cyber threats. Each of these industry requirements have penalties for nonadherence, but the benefits of following them can also bring opportunities and enhanced safety and security.The Pitfalls of NoncomplianceInnovation Before ImplementationOne of the most common mistakes organizations make is prioritizing innovation before ensuring proper implementation. Companies may rush to create innovative products or services, ones that go above and beyond what the requirements ask for. This can lead to several issues, including:
  • Loss of OpportunitiesAttempting to develop a highly innovative product without adhering to considering basic solutions that fit the industry can result in missed short-term opportunities.
  • Reputational Damage—Noncompliance can tarnish a company’s reputation, leading to the loss of customer trust and loyalty.
  • Operational Disruptions—Regulatory breaches can halt operations, affecting overall business continuity.
Neglecting compliance in favor of innovation can significantly impact organizations. Compliance ensures safety, reliability, and quality, serving as the foundation for innovation. For instance, in the power systems industry, adhering to standards like IEC 62351 and IEC 62443 is vital. Ignoring these can lead to severe consequences. A balance between timely compliance and innovation is crucial.To bring this idea to life, we’ll use an analogy. Imagine there is a bioengineering firm that’s decided to enter a livestock competition with the goal of presenting an extraordinary flying pig, who we’ll name Hamperage. Unfortunately, thanks to the lengthy process of developing a winged pig, the firm was too late to submit their pig for the competition. By prioritizing new ideas before necessary implementation, they missed their opportunity, illustrating the importance of balancing innovation with timely compliance. Adhering to standards not only safeguards quality but also fosters customer trust and market acceptance, positioning companies for long-term success.The Notion That Standards Aren’t a SolutionAnother pitfall is the belief that adhering to standards stifles creativity and innovation. This stance often involves asserting that a given standard is subpar and then proposing an alternative. While this approach showcases confidence in one’s innovative capabilities, it can also lead to customer skepticism and exclusion from markets that prioritize strict compliance with standards.To illustrate this, let’s return to the bioengineering firm intent on innovating their way to victory at the livestock competition. Knowing they are superior to any pig, they’ve instead chosen to submit a unicorn (who we’ll name Horsepower). However, because they’ve chosen to enter a unicorn into a competition meant for livestock, the judges are forced to disqualify Horsepower, regardless of how innovative or spectacular he is. Similarly, proposing alternative solutions to established standards may cause customers to doubt a company’s credibility, even if the alternative is superior. Balancing compliance with innovation is crucial to maintaining market trust and opportunities.Ignoring standard requirements in this way can lead to:
  • Inconsistent QualityWithout considering industry requirements, the quality of products or services can vary, leading to customer dissatisfaction.
  • Increased RiskNoncompliance with safety-related requirements can pose significant risks to consumers and employees, potentially leading to accidents and liabilities.
  • Market RejectionProducts that do not meet industry standards may be rejected by the market, resulting in financial losses.
Real-World Lessons From Industry GiantsNumerous companies across various industries have faced similar challenges when balancing compliance and innovation. Volkswagen’s emissions scandal in 2015 highlighted the severe consequences of ignoring regulations. The company faced billions in fines and a significant reputational hit. Volkswagen’s attempt to bypass emissions standards rather than innovate within them resulted in long-lasting damage to their brand and trustworthiness.Similarly, Theranos, once a promising startup in the medical technology sector, failed to adhere to regulatory standards in its rush to innovate. The lack of compliance with healthcare regulations and standards led to scrutiny, legal issues, and the eventual collapse of the company. This case underscores the importance of prioritizing compliance to ensure product safety and reliability.Boeing’s 737 MAX crisis is another stark example of how compromising on safety standards can lead to catastrophic outcomes. In their pursuit of rapid innovation and market competition, Boeing overlooked critical compliance checks, resulting in two fatal crashes and a subsequent global grounding of the aircraft. This incident illustrates the vital necessity of adhering to safety standards in the aviation industry. Additionally, Facebook’s regulatory challenges related to data privacy and security and Samsung’s Galaxy Note 7 recall due to battery explosions further emphasize the critical role of compliance in maintaining user trust and safeguarding sensitive information.Modified Approaches for Effective Standards ComplianceTo tackle these issues, organizations need to adjust their approaches. Two key recommendations include innovating postimplementation and considering standards as entry points.Innovation After ImplementationA balanced approach involves first meeting the minimum requirements of the industry and then working to innovate upon that compliance. By doing so, organizations can ensure they are not missing market opportunities while still pursuing innovative solutions. Once they have achieved compliance, companies can focus on enhancing and innovating their solutions. To return to our analogy, if the bioengineering firm had entered a pig that met the basic requirements for the competition, they would have been able to participate, and potentially win, while later developing flying pigs that dominate future competitions. This tactic allows companies to secure market presence and customer trust initially, affording a chance to dazzle customers with skill and design.Standards as a GatewayViewing compliance as an entry point rather than a hurdle allows companies to ensure market entry and customer trust by creating a foundation of compliance. They can then introduce innovative solutions, enhancing their offerings without missing immediate opportunities. Presenting a pig that meets requirements, ensures qualification, and demonstrates competency guarantees you are in the running and gives access to an audience that is more receptive to the unicorn’s superiority.Embrace Compliance to Foster Innovation and Drive GrowthBalancing compliance with innovation is a critical challenge for organizations across all industries, especially in the realm of industrial control system cybersecurity. While the temptation to prioritize groundbreaking ideas over adherence to standards and regulations is strong, the consequences of neglecting industry requirements can be severe. From missed opportunities and reputational damage to legal penalties and operational disruptions, noncompliance poses significant risks. However, compliance should not be viewed as a hindrance to innovation. Instead, it can serve as a solid foundation upon which innovative solutions are built. By adhering to established standards and regulations, companies can ensure the safety, reliability, and quality of their products and services, thereby gaining customer trust and opening new market opportunities.Through real-world examples, such as Volkswagen’s emissions scandal, Theranos’ regulatory challenges, and Boeing’s 737 MAX issues, we have seen the profound impact of ignoring industry requirements. These cases underscore the importance of managing regulatory responsibilities while fostering innovation. By learning from these examples, organizations can navigate the complexities of compliance and innovation, ultimately achieving a balance that drives both safety and progress. The path to successful innovation lies in recognizing the value of compliance and integrating it into the innovation process. Through this, companies can not only avoid the pitfalls of noncompliance, but also leverage these requirements as a strategic advantage, ensuring sustainable growth and resilience in an ever-evolving industry landscape.
Additional Posts by Contributor

Contribute to the conversation

We want to hear from you. Send us your questions, thoughts on ICS and OT cybersecurity, and ideas for what we should discuss next. 

Related post

Article

Streamlining Regulatory Compliance Management with AI

Feb 19, 2025

Read the article 
Return to the Cybersecurity Center for more content.Return to main page 

Subscribe to our mailing list

Subscribe today for notifications and the latest updates on the Cybersecurity Center.