Both U.S. and UK cybersecurity frameworks are expected to evolve significantly over the next 24 months. Meeting the challenge of delivering on these regulatory expectations requires compliance teams to claim their seat at the table when it comes to cybersecurity—an area where many of them seem reluctant to engage. Global regulators are also going to be looking for an “all lines of defense” approach when they assess an organization’s cybersecurity program. Cyber risk is now something that everyone manages. This article provides questions regulators are likely to ask of firms.