TMCnet News
GlobalSCAPE, Inc. and Ponemon Study Finds Data Protection Non-Compliance Expenses Up 45 Percent, Costing an Average $14 Million

GlobalSCAPE, Inc. (NYSE American: GSB), a worldwide leader in the secure movement and integration of data, and the Ponemon Institute released the results of a new study analyzing the cost of complying and not complying with industry or government data protection regulations.

According to the report, the cost of non-compliance has significantly increased over the past few years, and the issue could grow more serious. A vast majority of organizations (90 percent) believe that compliance with the upcoming General Data Protection Regulation (GDPR) would be difficult to achieve. GDPR is considered by respondents to be the most challenging among other data compliance regulations such as Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA) and Federal Information Security Management Act (FISMA).

The new report, "The True Cost of Compliance with Data Protection Regulations," looks at the economic effects of organizations' compliance activities, including people, processes and technologies. Within this study, compliance covers industry and government regulatory mandates such as global privacy, data integrity, data loss and credit cardholder protection, as well as self-enforced regulatory frameworks like International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), etc.

Key findings from the report include:
Data protection regulations are increasingly complex in nature, due to the increased value and sensitivity of personal or proprietary data. As data becomes more valuable, the risk of data breaches, data loss, cyberattacks or insider threats becomes a grave and urgent issue. The enforcement of regulations like GDPR demonstrates the new era of complex policies developed to protect data at an individual level from increasingly sophisticated cyberattacks. More data protection regulations and frameworks like the EU's GDPR are expected to be developed and implemented from other areas of the world, including China and Australia.

Source of Compliance Costs

To meet compliance mandates, organizations employ a number of methods that can factor into the total cost. These could include administration overhead, consultant services, training, and communication and technology, among others. Data security has the highest average compliance cost for organizations, averaging $2 million a year. When looking at the top three technologies already in use to maintain compliance, of the companies surveyed, organizations annually spend around $1.34 million on compliance-related platforms, $1 million on incident response, and $750,000 on audit and assessments. This investment does ultimately pay off, according to the results, as companies conducting regular audits had a reduced overall compliance cost. More than two audits a year can significantly reduce this cost: companies might find themselves paying $14 million if they run more than two audits versus $27 million for one or two audits a year.

Breaking Down Non-Compliance Expenses

The report also shows that companies are not spending nearly enough on compliance, and therefore the costs associated with non-compliance are 2.71 times higher. While the average annual cost of non-compliance is $14.82 million, the range could be anywhere from $2.2 million to $39.22 million.
An organization's security posture can also vastly increase or decrease the cost of compliance or non-compliance. Even established regulations such as HIPAA or PCI-DSS now include requirements specific to data security or data breach responses. Organizations that do not have an effective or strong security ecosystem in place face up to an average of $25 million in annual costs to meet compliance. Organizations that implement centralized data governance also stand to save the most, as they could reduce their compliance costs by $3 million.

Supporting Quotes:
Dr. Larry Ponemon, Chairman and Founder at Ponemon Institute
Peter Merkulov, Chief Technology Officer at Globalscape

Methodology

Ponemon Institute and Globalscape conducted "The True Cost of Compliance with Data Protection Regulations" to determine the full economic impact of compliance activities for a representative sample of 53 multinational organizations. An earlier study was completed in 2011 and those findings are compared to this year's results. The key findings are based on the benchmark analysis of 53 multinational organizations located in the United States. Ponemon Institute obtained information about each organization's data compliance costs using an activity-based costing method and a proprietary diagnostic interviewing technique involving 237 functional leaders. These research methods captured information about direct and indirect costs associated with compliance activities during a 12-month period. Ponemon defines a compliance activity as one that organizations use to meet the specific rules, regulations, standards, policies and contracts that are intended to protect information assets. The organization's benchmarking efforts also captured the direct, indirect and opportunity costs associated with non-compliance events during a 12-month period. Non-compliance cost is defined as the cost that results when a company fails to comply with rules, regulations, policies, contracts, and other legal obligations.

For more information or to download the report, please visit: https://www.globalscape.com/resources/whitepapers/data-protection-regulations-study.

About Ponemon Institute

Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Globalscape

GlobalSCAPE, Inc. (NYSE American: GSB) is a worldwide leader in the secure movement and integration of data. Through Globalscape's powerful yet intuitive technology, organizations can accelerate their digital transformation and maximize their potential by unleashing the power of data. For more information, visit www.globalscape.com or follow the blog and Twitter updates.

Safe Harbor Statement

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. The words "would," "exceed," "should," "anticipates," "believe," "steady," "dramatic," "expect," and variations of such words and similar expressions identify forward-looking statements, but their absence does not mean that a statement is not a forward-looking statement. These forward-looking statements are based upon the Company's current expectations and are subject to a number of risks, uncertainties and assumptions. The Company undertakes no obligation to update any forward-looking statements, whether as a result of new information, future events or otherwise. Among the important factors that could cause actual results to differ significantly from those expressed or implied by such forward-looking statements are risks that are detailed in the Company's Annual Report on Form 10-K for the 2016 fiscal year, filed with the Securities and Exchange Commission on March 27, 2017.

(1): The percentage net change calculation is defined as follows: (FY2017-FY2011) ÷ [(FY2017+FY2011)×½]
View source version on businesswire.com: http://www.businesswire.com/news/home/20171212005155/en/