Complex Regulations like GDPR and Increasingly Sophisticated Cyberattacks Inflate Non-Compliance Costs for Organizations
GlobalSCAPE, Inc. (NYSE American: GSB), a worldwide leader in
the secure movement and integration of data, and the Ponemon
Institute released the results of a new study analyzing the cost of
complying and not complying with industry or government data
protection regulations. According to the report, the cost of
non-compliance has significantly increased over the past few years,
and the issue could grow more serious. A vast majority of
organizations (90 percent) believe that compliance with the
upcoming General Data Protection Regulation (GDPR) would be
difficult to achieve. GDPR is considered by respondents to be the
most challenging among other data compliance regulations such as
Health Insurance Portability and Accountability Act (HIPAA),
Gramm-Leach-Bliley Act (GLBA) and Federal Information Security
Management Act (FISMA).
The new report, “The True Cost of Compliance with Data
Protection Regulations,” looks at the economic effects of
organizations’ compliance activities, including people, processes
and technologies. Within this study, compliance covers industry and
government regulatory mandates such as global privacy, data
integrity, data loss and credit cardholder protection, as well as
self-enforced regulatory frameworks like International Organization
for Standardization (ISO), National Institute of Standards and
Technology (NIST), etc.
Key findings from the report include:
- The average cost of compliance
increased 43 percent from 2011, and totals around $5.47 million
annually. However, the average cost of non-compliance increased 45
percent from 2011, and adds up to $14.82 million annually.(1)
- Non-compliance costs 2.71 times the
cost of maintaining or meeting compliance requirements.
Non-compliance costs come from the costs associated with business
disruption, productivity losses, fines, penalties, and settlement
costs, among others.
- The cost of compliance can vary by
industry: media organizations average $7.7 million annually to
comply with regulations and policies, while financial services
companies face more than $30.9 million annually in compliance
costs. These costs widely vary based on the amount of sensitive or
confidential information a particular industry handles and is
required to secure.
- Among the individual regulations,
survey respondents found GDPR the most difficult to achieve
compliance with, even though GDPR enforcement doesn't start until
May 25, 2018. 90 percent of respondents felt that GDPR would be
difficult, while only 55 percent felt that the Payment Card
Industry Data Security Standard (PCI-DSS) was a challenge, the
second highest percentage among all regulations.
- Companies are not spending enough on
maintaining or meeting compliance, as it only accounts for an
average of 14.3 percent of the IT department’s budget.
Data protection regulations are increasingly complex in nature,
due to the increased value and sensitivity of personal or
proprietary data. As data becomes more valuable, the risk of data
breaches, data loss, cyberattacks or insider threats becomes a
grave and urgent issue. The enforcement of regulations like GDPR
demonstrates the new era of complex policies developed to protect
data at an individual level from increasingly sophisticated
cyberattacks. More data protection regulations and frameworks like
the EU’s GDPR are expected to be developed and implemented from
other areas of the world, including China and Australia.
Source of Compliance Costs
To meet compliance mandates, organizations employ a number of
methods that can factor into the total cost. These could include
administration overhead, consultant services, training, and
communication and technology, among others. Data security has the
highest average compliance cost for organizations, averaging $2
million a year.
When looking at the top three technologies already in use to
maintain compliance, of the companies surveyed, organizations
annually spend around $1.34 million on compliance-related
platforms, $1 million on incident response, and $750,000 on audit
and assessments. This investment does ultimately pay off, according
to the results, as companies conducting regular audits had a
reduced overall compliance cost. More than two audits a year can
significantly reduce this cost: companies might find themselves
paying $14 million if they run more than two audits versus $27
million for one or two audits a year.
Breaking Down Non-Compliance Expenses
The report also shows that companies are not spending nearly
enough on compliance, and therefore the costs associated with
non-compliance are 2.71 times higher. While the average annual cost
of non-compliance is $14.82 million, the range could be anywhere
from $2.2 million to $39.22 million.
An organization’s security posture can also vastly increase or
decrease the cost of compliance or non-compliance. Even established
regulations such as HIPAA or PCI-DSS now include requirements
specific to data security or data breach responses. Organizations
that do not have an effective or strong security ecosystem in place
face up to an average of $25 million in annual costs to meet
compliance.
Organizations that implement centralized data governance also
stand to save the most, as they could reduce their compliance costs
by $3 million.
Supporting Quotes:
Dr. Larry Ponemon, Chairman and Founder at Ponemon
Institute: “The findings from both the 2011 and 2017 studies
provide strong evidence that it pays to invest in compliance. With
the passage of more data protection regulations that can result in
costly penalties and fines, it makes good business sense to
allocate resources to such activities as audits and assessments,
enabling technologies, training and in-house expertise.”
Peter Merkulov, Chief Technology Officer at
Globalscape: “It’s not surprising that the overall cost of
compliance has risen so drastically over the past six years. Data
is a precious commodity for individual consumers and multinational
organizations alike. And the threat posed by cyberattacks is only
growing exponentially. Understanding where your data travels,
resides, and how to best protect it is no longer an option for
companies, especially as their businesses’ livelihood is also at
stake. Organizations have a responsibility to their customers,
partners and vendors to protect data, which also means being
constantly vigilant with compliance mandates or regulations such as
GDPR or PCI DSS. Whether that protection comes as a result of
investment in technologies like data loss prevention, managed file
transfer, data classification, or governance, risk, and compliance
solutions, or better enforcement of current data protection
policies, the risks and reward from a cost perspective is pretty
clear.”
Methodology
Ponemon Institute and Globalscape conducted “The True Cost of
Compliance with Data Protection Regulations” to determine the full
economic impact of compliance activities for a representative
sample of 53 multinational organizations. An earlier study was
completed in 2011 and those findings are compared to this year’s
results.
The key findings are based on the benchmark analysis of 53
multinational organizations located in the United States. Ponemon
Institute obtained information about each organization’s data
compliance costs using an activity-based costing method and a
proprietary diagnostic interviewing technique involving 237
functional leaders. These research methods captured information
about direct and indirect costs associated with compliance
activities during a 12-month period. Ponemon defines a compliance
activity as one that organizations use to meet the specific rules,
regulations, standards, policies and contracts that are intended to
protect information assets.
The organization’s benchmarking efforts also captured the
direct, indirect and opportunity costs associated with
non-compliance events during a 12-month period. Non-compliance cost
is defined as the cost that results when a company fails to comply
with rules, regulations, policies, contracts, and other legal
obligations.
For more information or to download the report, please visit:
https://www.globalscape.com/resources/whitepapers/data-protection-regulations-study.
About Ponemon Institute
Ponemon Institute© is dedicated to advancing responsible
information and privacy management practices in business and
government. To achieve this objective, the Institute conducts
independent research, educates leaders from the private and public
sectors and verifies the privacy and data protection practices of
organizations in a variety of industries.
About Globalscape
GlobalSCAPE, Inc. (NYSE American: GSB) is a worldwide leader in
the secure movement and integration of data. Through Globalscape’s
powerful yet intuitive technology, organizations can accelerate
their digital transformation and maximize their potential by
unleashing the power of data. For more information, visit
www.globalscape.com or follow the blog and Twitter updates.
Safe Harbor Statement
This press release contains forward-looking statements within
the meaning of Section 27A of the Securities Act of 1933 and
Section 21E of the Securities Exchange Act of 1934. The words
“would,” “exceed,” “should,” “anticipates,” “believe,” “steady,”
“dramatic,” “expect,” and variations of such words and similar
expressions identify forward-looking statements, but their absence
does not mean that a statement is not a forward-looking statement.
These forward-looking statements are based upon the Company’s
current expectations and are subject to a number of risks,
uncertainties and assumptions. The Company undertakes no obligation
to update any forward-looking statements, whether as a result of
new information, future events or otherwise. Among the important
factors that could cause actual results to differ significantly
from those expressed or implied by such forward-looking statements
are risks that are detailed in the Company’s Annual Report on Form
10-K for the 2016 fiscal year, filed with the Securities and
Exchange Commission on March 27, 2017.
(1): The percentage net change calculation is defined as
follows: (FY2017−FY2011) ÷ [(FY2017+FY2011)×½]
View source
version on businesswire.com: http://www.businesswire.com/news/home/20171212005155/en/
Globalscape: Ciri Haugh, 210-308-8267, PR@globalscape.com