When might an industry-specific security framework or architecture be required for a company?

An industry-specific security framework or architecture is typically required when the company's industry is regulated. Regulated industries often have specific compliance requirements and standards that must be met to ensure the protection of sensitive data and maintain trust with customers and stakeholders. Examples of such industries include finance, healthcare, and critical infrastructure sectors.