The True Cost of Compliance
Survey reveals that doing the bare minimum is roughly the equivalent of an invitation to financial disaster.
The trouble with the way many organizations approach compliance is that their thinking is dominated by finding the least costly approach to achieving compliance or, if they can get away with it, not complying at all.
Unfortunately, there are too many businesses that are actually not looking to make their business more secure or efficient; all they really want to do is be able to check a box that says they complied with whatever mandate.
However, a new study conducted by The Ponemon Institute on behalf of Tripwire, a provider of compliance management tools, finds that organizations that don't proactively manage compliance wind paying a lot more later on when it comes to penalties and remediation costs. The study also shows that the total cost of compliance when all these costs are factored in is a whole lot less for organizations that have been actively managing their compliance requirements.
Among the factors contributing to these lower costs, says Rekha Shenoy, Tripwire vice president of marketing, is that the cost of each successive audit drops significantly if your company has a defined set of processes that can be readily documented. That means that instead of having to start from scratch, each audit is part of a continuous compliance process that serves to reduce costs, while making the overall organization more secure. Shenoy adds that organizations that have defined processes can also begin to embrace automation, which, in turn, helps to further reduce costs. Longer term, Shenoy adds that the data collected as part of the compliance process can easily wind up feeding critical information about the business into a wide variety of business intelligence and analytics applications. Sadly, the Ponemon study also highlights that when it comes to compliance requirements, the retail and health care sectors are among the most deficient.
In this day and age, it's almost impossible not to run afoul of one compliance issue or another. But when that compliance issue leads to a security breach, it's a certainty that the cost to the organization overall is going to be a whole lot more than the tools that would have prevented the problem in the first place.