With the May compliance deadline drawing nearer, a substantial majority of organizations (90%) expect compliance with the upcoming General Data Protection Regulation (GDPR) to be challenging to accomplish.
A survey from GlobalSCAPE and the Ponemon Institute found that participants regard GDPR as the most difficult of the data compliance regulations, ahead of the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and the Federal Information Security Management Act (FISMA). The cost of non-compliance has risen significantly over the past few years, and the problem could become more serious.
Adhering to laws and regulations is essential, even though financial services firms bear more than $30.9 million per year in compliance costs. These expenses vary widely depending on the volume of private or confidential information a sector handles and is required to safeguard. Across all sectors, the average cost of compliance has increased 43% since 2011 and now exceeds $5.47 million per year.
Companies are not spending enough on achieving or maintaining compliance: it accounts for an average of only 14.3% of the IT department's budget. The alternative carries an even larger price tag. The average cost of non-compliance has increased 45% since 2011 and now amounts to $14.82 million per year.
In other words, non-compliance costs 2.71 times as much as meeting compliance requirements. Non-compliance costs arise from business disruption, lost productivity, fines, penalties, and judgment payments, among other expenses.
To address this and meet compliance requirements, organizations draw on a range of activities, each of which factors into the total cost: administration, professional services, training, communication, and technology, among others. Data security carries the highest average compliance cost for organizations, at $2 million per year.
Looking at the top three compliance technologies in use, the companies studied spend close to $1.34 million per year on compliance-related systems, $1 million on incident response, and $750,000 on audits and assessments. According to the results, this investment does pay off: companies that run frequent audits had lower long-term compliance costs. Conducting more than two audits a year markedly reduces this cost, with companies paying around $14 million when they conduct more than two audits, compared with $27 million for one or two audits a year.
Organizations that employ centralized information governance also stand to save the most, reducing their compliance costs by up to $3 million.
An organization's security posture can also greatly increase or decrease the cost of compliance or non-compliance. Established regulations such as HIPAA and PCI-DSS already include obligations specific to data protection and data breach response. Organizations without an effective security ecosystem in place face an average of up to $25 million in yearly expenses to achieve compliance.
"The conclusions from both the 2011 and 2017 examinations offer solid proof that it pays to spend on compliance," said Larry Ponemon, chairman and founder at Ponemon Institute. "With the passage of more data protection regulations that can result in costly penalties and fines, it makes good business sense to allocate resources to such activities as audits and assessments, enabling technologies, training and in-house expertise."
"It's not surprising that the overall cost of compliance has risen so drastically over the past six years," said Peter Merkulov, CTO at Globalscape. "Organizations have a responsibility to their customers, partners and vendors to protect data, which also means being constantly vigilant with compliance mandates or regulations such as GDPR or PCI DSS. Whether that protection comes as a result of investment in technologies like data loss prevention, managed file transfer, data classification, or governance, risk, and compliance solutions, or better enforcement of current data protection policies, the risks and rewards from a cost perspective are pretty clear."