Study: Problems caused by lack of compliance cost 3 times more than a strong Compliance Program
Many companies view compliance programs as a headache — something they’re required to invest time and money in, but which produces little. A benchmark report from the United States shows that the opposite is the case. Investing in strong compliance programs saves money in the long run.
The research report by Ponemon Institute LLC in Traverse City, Michigan, examines the real costs, both of setting up a proper compliance program and of cleaning up the damage when proper programs have not been put in place. The study looked at 46 multinational organisations and interviewed 160 leaders.
The cost of compliance worked out to only about $222 per employee, while noncompliance costs averaged about $820 per employee.
“We learned that while the average cost of compliance for the organizations in our study is $3.5 million, the cost of non-compliance is much greater,” the report said. Cleaning up non-compliance problems averaged nearly $9.4 million.
Study cites 10 attributes of a strong compliance structure
The report also looked at the 10 attributes that lend the greatest support to a strong compliance structure. Many of them pertain to governance and oversight of the organization’s security initiatives.
Organizations need to anticipate how changing threats will affect their ability to comply with external, internal and contractual demands, the report said. “The implication for an organization that does not manage compliance risks with the right integrated and holistic response to data security and related compliance challenges are a decrease in revenue that results from both the loss of customer trust and loyalty and the inability to deliver services and products,” the report said.
The study, “The True Cost of Compliance,” is available online at Tripwire.com.
With this in mind, Ímpeto, with extensive experience in software architecture, has just launched the ClickCompliance application! Simple to use, it works on SharePoint Online and allows your company to document who has accepted its policies, so if the company faces any kind of legal proceeding, it can prove before the law that it is in compliance and that responsibility lies entirely with whoever committed the criminal act.