A study released Thursday by the IT Policy Compliance Group found a direct correlation between a company's compliance initiatives and the number of data breaches it weathers. Baseline reports:
Companies with two or fewer compliance deficiencies annually are likely to have two or fewer data losses or thefts in the same time period, according to the report. Conversely, organizations that lag when it comes to compliance (10 or more deficiencies in a year) are likely to experience data loss more than a dozen times annually.
IT Policy Compliance Group managing editor Jim Hurley says the results are "surprising," but that the data shows an "undeniable relationship" between the two factors. He explained the correlation to Baseline as follows:
...[C]ompanies with the fewest control objectives -- safeguards put in place to support security and other policies -- are least likely to experience a data loss and most likely to perform well on regulator audits... Businesses with fewer controls are focusing on managing exceptions rather than spending time and labor trying to manage everything.
The Cleveland-based research firm surveyed 2,000 companies, and the report included data on publicly reported data losses