December 27, 2017//Ellen NeveuxLast Updated: May 28, 2021
Fluctuating government and industry regulations combined with the upcoming enforcement of the EU General Data Protection Regulation (GDPR) create a tough-to-meet environment for many IT managers. A new report from the Ponemon Institute details the current costs of compliance—and non-compliance—across industry.
We talked earlier about the impending requirements associated with the GDPR. The new report from Ponemon takes a hard look at the real cost of compliance in 2017, compared to a similar study conducted by the company in 2011. For reference, the study involved 53 multinational organizations and 237 individuals involved with compliance at these organizations.
Apples and oranges—what are the “costs”?
The regulatory landscape continues to shift, making it tough to stay in compliance, whether you are a healthcare or financial vendor trying to comply with HIPAA or GLBA, or a retail sales interest struggling to adhere to the PCI DSS. If you handle the data of citizens of the EU, the GDPR brings on a whole new set of data security requirements.
Against that background, Ponemon looked at the cost of factors that bear on compliance and compared it to the actual costs of non-compliance. While the easy answer is that it is less expensive to stay in compliance, the issue is more complex. Here are some takeaways from the study:
The report makes clear that the organizational cost for non-compliance is 2.71 times that of being in compliance. Those losses are tallied in business disruption, revenue, productivity, and reputational losses, and the costs of litigation—including fines, legal and settlement costs.
Ponemon also identifies the factors rolled up in the cost of compliance. These are the strategies and tactics used to maintain compliance and data security, including:
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.