IT Security and Privacy Compliance Policies Are Costing Enterprises Big


In an uncertain business ecosystem, security compliance measures are costing companies almost $3.5 million annually.

With cyber-attacks rising amid the pandemic, most organizations are striving to keep up with data privacy and security compliance regulations. According to a recent research study by Telos, overall compliance activities cost enterprises nearly $3.5 million annually on average.

Around 300 IT and security professionals were surveyed in July-August 2020 to understand the expenses arising from recent cybersecurity measures. Organizations generally comply with 13 privacy or IT security regulations. This also involves compliance audits that consume 58 working days every quarter.

Considering the current market scenario, more privacy regulations are coming into existence. As a result, most organizations are migrating their critical systems, infrastructure, and applications to the cloud. This increases the risk of non-compliance and associated technical impact.


Some of the principal findings from the study are:

  • IT security specialists reported receiving 17 or more audit evidence requests each quarter. They spend an average of 3 working days responding to a single request.
  • Over the last two years, companies have been found non-compliant six times by internal as well as third-party auditors. This has resulted in around eight fines, costing nearly $460,000.
  • About 86% of businesses believe compliance would be a challenge while moving their set-up to the cloud.
  • Almost all organizations reported that they encounter IT security compliance or privacy regulation issues in the cloud.

Compliance professionals are overwhelmed with work due to increasing security concerns. Teams spend around 232 working days a year responding to audit evidence requests, in addition to the revenue spent on required compliance events and fines.


The bottom line is that this level of economic commitment, and this pace, is unmanageable for businesses in the long run. Almost 99% of the respondents said that their company would benefit from automating IT security and privacy compliance tasks, citing benefits including increased accuracy of evidence, reduced time for audits, and responsiveness.

As Steve Horvath, VP of cloud and strategy at Telos, put it in the company blog post: “As a hammer, chisel and stone gave way to the clipboard, paper, and pencil, it’s time for organizations to realize the days of spreadsheets for ‘checkbox compliance’ are woefully outdated… Automation can solve numerous compliance challenges, as the data shows. It’s the only real way to get in front of the curve, rather than continuing to try and keep up.”