New study reports non-compliance costs twice as much as toeing the line

December 27, 2017 // Ellen Neveux

Last Updated: November 18, 2020

Fluctuating government and industry regulations combined with the upcoming enforcement of the EU General Data Protection Regulation (GDPR) create a tough-to-meet environment for many IT managers. A new report from the Ponemon Institute details the current costs of compliance—and non-compliance—across industry.

We talked earlier about the impending requirements associated with the GDPR. The new report from Ponemon takes a hard look at the real cost of compliance in 2017, compared to a similar study conducted by the company in 2011. For reference, the study involved 53 multinational organizations and 237 individuals involved with compliance at these organizations.

Apples and oranges—what are the “costs”?

The regulatory landscape continues to shift, making it tough to stay in compliance, whether you are a healthcare or financial vendor trying to comply with HIPAA or GLBA, or a retail sales interest struggling to adhere to the PCI DSS. If you handle the data of citizens of the EU, the GDPR brings on a whole new set of data security requirements.

Against that background, Ponemon looked at the cost of factors that bear on compliance and compared it to the actual costs of non-compliance. While the easy answer is that it is less expensive to stay in compliance, the issue is more complex. Here are some takeaways from the study:

  • As might be expected, the cost of compliance is 43% higher in 2017 than it was in 2011. Among the companies evaluated for the report, the cost of compliance is about $5.47 million each year.
  • The cost of non-compliance is 45% higher than in the earlier report, reaching about $14.82 million per year.
  • Compliance costs differ by industry. While financial services can pay more than $30 million each year for compliance, media companies pay out $7.7 million. For media, that sum can swing up or down depending on individual outlet privacy concerns.
  • Among respondents, 90% thought the GDPR is going to be a challenge for compliance. Second on the list of difficult targets is the PCI DSS, with 55% of respondents noting the challenge of compliance.

The report makes clear that the organizational cost for non-compliance is 2.71 times that of being in compliance. Those losses are tallied in business disruption, revenue, productivity, and reputational losses, and the costs of litigation—including fines, legal and settlement costs.

Ponemon also identifies the factors rolled up in the cost of compliance. These are the strategies and tactics used to maintain compliance and data security, including:

  • Compliance assessments and audits
  • Policies, incident response, and communication plans
  • Training and staff certification
  • Specialized technologies that protect data assets, such as managed file transfer, access governance, encryption, and data loss prevention

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.
