The difference between compliance and security is like the difference between a little boy doing what you said because you’re Dad and that same little boy doing what you said because it’s right.
Compliance is something you do because you’re told. Security is something you do because it’s the right thing.
While it’s good to know and do what cyber regs prescribe for your business, it’s more noble to aspire toward security out of moral obligation.
After all, your customers and employees expect that you’re protecting their data at all costs. I don’t bite my fingernails when I log into Gmail. I log in confidently expecting that Google has a heart towards securing my data while in their hands.