As another trying year comes thankfully to a close, it seems like an appropriate time to look at some important IT security compliance statistics and trends. By understanding developments in this critical area, your organization will be able to conduct your operations more securely and ensure that you are meeting the requirements necessary to win demanding government and private contracts.
The information in this article comes from the following sources: Ponemon Institute, Globalscape, Diligent Insights, Bloomberg, NAVEX Global, Refinitiv, Quantivate, and CaseWare.
The cost of compliance and non-compliance
Businesses in the U.S. on average spent $10,000 per employee on regulatory costs in 2021, with the average compliance cost for organizations across all industries worldwide at $5.47 million. The healthcare and financial services industries have some of the highest compliance costs, with average annual compliance costs of $19 million and $30.9 million, respectively.
50% of organizations say they spend 6-10% of their revenue on compliance costs and 54% of companies anticipate spending more money in 2021 on IT risk management and compliance. The most typical increase in spending year-over-year is somewhere between 25% and 50%.
The #1 factor companies cite when asked why they plan to increase their IT compliance budget in 2021 is: anticipated regulatory change.
There has been a 45% increase in the cost of non-compliance since 2011, and organizations lose an average of $4 million in revenue from a single non-compliance event.
When it comes to the execution of security assurance/compliance tasks, half of companies say they spend 50% or more of their work time on low-level administrative tasks. This is an expense that often gets overlooked: highly trained workers end up spending their time on mundane tasks when better tools could free them up to perform more important duties.
IT security compliance issues remain a major concern
61% of all respondents have experienced at least one security incident or compliance lapse in the last three years.
57% of senior-level executives rank risk and compliance as one of the top two risk categories they feel least prepared to address.
35% of companies state that their organization manages IT risk in an ad-hoc fashion, taking action only when a negative event happens.
Resource issues continue to worsen
Companies of all types continue to report that they are under-resourced in the security compliance area. One major point of interest in 2021 is that many companies report a lack of adequate funding and staff to address security compliance issues. Only 34% of companies rate their access to both of these resources as “good” or “very good.”
These statistics are especially important since, as research demonstrates, substantive resourcing is strongly correlated with a host of positive outcomes in security compliance. On the positive side, however, 69% of companies are satisfied with the skill, experience, and quality of the staff they have assigned to IT security compliance.
Persistent trouble with third-party compliance
Many organizations are still not thoroughly vetting a vendor’s security and privacy practices. Only 49% say their organizations are doing this due diligence with all third parties before allowing them access to sensitive and confidential information. In addition, 48% of companies find it difficult to track third-party compliance.
The importance of internal audits continues to grow
An internal audit is an important tool for assessing what a company needs in order to meet security compliance requirements. Using this tool, managers can determine which parts of their organization need the most resources to remediate compliance issues.
The Institute of Internal Auditors estimates that more than 75% of audit teams lack a modern audit technology solution. In addition, only 29.8% of respondents say that they regularly use data analytics in their audits.
One statistic that should convince companies to use internal audits more often: holding regular compliance audits can save organizations up to $2.86 million.
Positive trends in IT security compliance
There are some encouraging statistics that demonstrate an upward trend of company management placing more emphasis on IT security compliance. Organizations are increasingly realizing the need to have talented individuals working in this area and are more willing to equip them with sufficient tools and budgetary resources.
70% of companies report that their organizations have dedicated tools for managing IT compliance efforts.
83% of companies plan to evaluate/purchase new tools to streamline and automate their risk management and compliance processes in 2021.
In general, the risk and compliance sector is rapidly maturing. Across all industry sectors, there was a significant increase in the adoption of customized systems to manage risk and compliance functions, as well as healthy use of risk and compliance program measures and integration of risk management throughout organizations. However, company management should take note: more sophistication can create opportunities for growth, but organizations that don’t take advantage of available security compliance tools and solutions will be left behind.
Get assistance from a security compliance expert
No matter how the trends and statistics change, there is one constant that remains year to year: it will always be important to work with a trusted IT and Security Compliance expert, like Network Depot, to ensure that your organization is protected and that you are operating at your optimal level. Your trusted partner will advise you on how best to meet your security compliance needs and will be with your organization at every step of the process.