Recently, one of our contributing staff writers, Lisa DuBrock, brought our attention to a survey conducted by the Ponemon Institute and sponsored by Tripwire, along with a recent announcement of its findings. Ms. DuBrock’s point was that the results of this survey indicate that companies that actively employ information security compliance strategies, processes and procedures spend nearly one-third (1/3) of what non-compliant companies spend on security risk management. Another point raised by Ms. DuBrock is that this finding does in fact confirm the observations she has made in consulting projects she has managed or participated in over the last eighteen (18) months.
This report states that “…Data protection and enforcement activities ranked among the most expensive compliance activities, and business disruption and loss of productivity were found to be the most significant expenses for companies that did not achieve or maintain compliance…and total cost of compliance varies by industry, ranging from $6.8 million for education and research to more than $24 million for the energy sector. The cost of compliance versus noncompliance also varies by industry, with energy showing the smallest difference at ($2 million) and technology showing the largest ($9.4 million).”
Understanding that surveys and similar reports like this one can cause much debate among their readers, we would ask our readership to read more about this report and offer your comments on its findings relative to your own interpretations and experiences. Be sure to use the links in this story to also listen to an audio version of the report’s findings.