Making Sense of Dollars and Cents
With the upcoming GDPR directive on everyone’s minds, compliance is a hot issue. Many see compliance as an unnecessary additional expenditure. What they fail to realize, however, is that noncompliance costs nearly three times as much as compliance does.
Today, data is more valuable than gold, and organizations are hyperaware of how precious this commodity really is. Data provides organizations with invaluable insight into their operations, competitors and customers. As organizations continue to grow and the demand for data increases, so does the frequency of data movement. This increased movement is directly related to an increase in data vulnerability, putting companies at risk of loss, leaks and theft.
Recognizing this vulnerability, governing entities have begun to implement compliance standards aimed at preventing data from falling into the wrong hands. However, many organizations hear the word compliance and only see dollar signs. Organizations often believe that they are unable to afford the necessary steps to meet heightened compliance standards set forth. Yet, a recent study from Ponemon and Globalscape reports that it is 2.71 times more costly for an organization to not comply with mandates. The average cost of compliance is $5.47 million versus an average of $14.82 million for noncompliance, which is an average difference of $9.35 million annually.
As organizations are tasked with determining if they have the budget to implement required compliance measures, their motivation to comply is driven by the need to balance protecting their valuable data with the need to minimize costs and/or long-term perils resulting from noncompliance.
When an organization fails to meet compliance standards and regulations, increased costs come in the form of issues such as business disruption, productivity losses, revenue losses and fines, penalties and settlement costs. All is not lost! Globalscape and Ponemon identified 12 best practices that, when implemented, reduce total compliance costs for an organization. The study also identified the average savings associated with each best practice.
In today’s market, in which security fails like Equifax’s fill the headlines, it is no longer an option for organizations to be anything less than hyperaware of their compliance initiatives. From 2011 to 2017, the cost of attaining compliance has steadily grown, rising 43 percent in those six years. For any extremely compliance-heavy industry, such as health care, this number has grown by 106 percent in six years. While achieving regulatory compliance can be complicated and expensive, the alternative is likely more costly – not a viable option for an organization concerned about their bottom line.
Unfortunately, there are organizations who elect to delay compliance efforts because of the associated costs. In so doing, they risk incurring large fines and the loss of customer trust, as well as damage to their reputation, all in an effort to avoid compliance-related expenditures. This short-sighted, high-risk strategy will ultimately result in a negative outcome for the organization. The Globalscape and Ponemon study found that, on average, only 14.3 percent of total IT budgets were spent on compliance in 2017 — not much of an increase from the 11.8 percent reported in 2011. This clearly indicates that organizations are underspending on core compliance activities in the short term and aren’t prepared to allot further budget as the years go on.
Complying with data protection regulations is expensive, but when it comes to dollars and cents, it is significantly more economical for an organization to comply with all data privacy directives than to delay the inevitable. With the May 2018 launch of The General Data Protection Regulation (GDPR), these mandates will continue to grow and become more complex. It is no longer a question of if you will be asked to provide proof that your organization is complying with regulations and protecting sensitive data, but when. Can you afford the risk of noncompliance?
You can read more of the findings from The Trust Cost of Compliance with Data Projection Regulations study here.