The True Cost of Compliance
Join the conversation: #compliancecost
The True Cost of Compliance
Dr. Larry Ponemon, Ph.D., Ponemon Institute LLC
Rekha Shenoy, VP Marketing, Tripwire Inc.
IT SECURITY & COMPLIANCE AUTOMATION
Today’s Speakers
Larry Ponemon Ph.D.
Chairman and Founder, CIPP
Ponemon Institute LLC
Rekha Shenoy
VP Marketing
Tripwire, Inc.
Ponemon Institute
The Institute is dedicated to advancing responsible information management practices that positively affect privacy, data protection, and information security in business and government.
The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.
Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations). Dr. Ponemon serves as CASRO’s chairman of Government & Public Affairs Committee of the Board.
The Institute has assembled more than 60 leading multinational corporations called the RIM Council, which focuses the development and execution of ethical principles for the collection and use of personal data about people and households.
The majority of active participants are privacy or information security leaders.
About our Study
Our benchmark research focuses on 46 multinational organizations and their respective data protection activities over the previous 12 months.
Our research methods utilize an activity-based costing model derived from actual meetings and site visits.
Our methods attempt to capture both direct and indirect costs associated with the following core compliance activities:
• Compliance policies
• Communications
• Program management
• Data security
• Compliance monitoring
• Enforcement
About our Study - continued
In addition to the cost of compliance activities, we captured the direct, indirect and opportunity costs incurred when a compliance failure occurs. These include:
• Business disruption: The total economic loss that results from non-compliance events.
• Productivity loss: The lost time and related expenses associated with the downtime of systems and other critical processes.
• Lost revenues: The loss in revenue sustained as a result of non-compliance with data protection requirements and laws.
• Fines, penalties and other settlement costs: The total fines, penalties and other legal or non-legal settlements associated with data protection non-compliance issues.
Summary of Key Findings
The cost of non-compliance can be more expensive than investing in compliance activities.
Industry and organizational size affect the cost of compliance and non-compliance.
The gap between compliance and non-compliance cost is related to data breach frequency.
Security effectiveness affects the cost of non-compliance.
Audits reduce costs of compliance.
Laws and regulations are the main drivers for investment in compliance activities.
Project Summary
We are pleased to present the results of the Cost of Compliance study sponsored by Tripwire, Inc. and conducted by Ponemon Institute.
The purpose of this study is to determine the total cost of compliance activities that relate to data protection for a benchmark sample of multinational organizations.
Our study involves 46 corporations and 160 respondents who are deeply involved in their organization’s IT compliance, data protection, security or privacy functions.
Utilizing activity-based cost accounting methods, we were able to objectively derive the direct and indirect costs for the present sample of organizations.
Benchmark response      Freq.
Contacted               399
Agreement               67
Participation           50
Incomplete studies      4
Final sample            46
Industry Distribution of 46 Organizations
Approximate Titles of 160 Respondents
Global Footprint of 46 Multinational Organizations
Average Compliance and Non-Compliance Costs
Average Compliance Cost by Activity Center
Six cost activity centers span the full economic impact of compliance costs associated with protecting data.
Average Non-Compliance Cost by Activity Center
Four cost activity centers span the full economic impact of non-compliance costs associated with protecting data.
Laws and Regulations: Main Drivers for Investments
Laws and regulations are the main drivers for investment in compliance activities.
Industry and Size Affect the Cost of Compliance
Industry and organizational size affect the cost of compliance and non-compliance.
Difference in Costs is Related to Data Breach Frequency
The smaller the gap between compliance and non-compliance costs, the lower the frequency of compromised records.
Secure Organizations Have Lower Non-Compliance Costs
Organizations with a higher security effectiveness score experience a lower cost of non-compliance.
Ongoing Audits Reduce the Total Cost of Compliance
Per capita non-compliance costs are inversely related to the frequency of compliance audits. Organizations that do not conduct compliance audits experience the highest compliance cost.
For more information: www.tripwire.com/ponemon-cost-of-compliance
www.tripwire.com
Tripwire Americas: 1.800.TRIPWIRE
Tripwire EMEA: +44 (0) 20 7382 5420
Tripwire Japan: +812.53206.8610
Tripwire Singapore: +65 6733 5051
Tripwire Australia-New Zealand: +61 (0) 402 138 980
THANK YOU!
Larry Ponemon, Ph.D., Ponemon Institute, LLC
E-mail: [email protected]