Adequate information security cannot be achieved by simply being in compliance with all relevant laws, regulations, and standards. Compliance efforts still say nothing about whether management has taken the time to do the necessary risk management. People want shortcuts, people don’t want to have to think deeply or exert more effort when they are already overwhelmed with other matters. Wall Street focuses on short-term results, rewards managers who cut costs today, even though these same managers may be risking the organization’s bankruptcy in the longer term future.”]
Source: https://www.csoonline.com/article/2124231/the-dangers-of-over-reliance-on-compliance.html