As organizations enhance their own defenses, federal regulators in critical industries such as financial services, healthcare and energy are also becoming more involved, examining companies' security infrastructure and policies and enforcing cybersecurity readiness. But are these regulatory efforts working? What more should regulators be doing?