In a lot of cases, they absolutely are. Certainly we've seen a significant change in the Government of Canada over the last five to six years, probably, as we've tried to show the consequence of not following the top 10, and I think businesses, boards of directors, etc., are very much looking for something they can measure their cybersecurity efforts against, so they do use the top 10 to evaluate how they're doing, and they go through them one by one.
On January 30th, 2019. See this statement in context.