Half (51%) said they spend at least 40% of their IT security budgets on data protection and security compliance, with the same proportion estimating that this work consumes up to 20,000 hours of resource every year.
With compliance proving a barrier to growth, almost three-quarters (70%) of firms said they have to manage a minimum of five different compliance projects at any one time, while some (7%) must contend with 50 or more.
Andy Barratt, UK managing director at Coalfire, said: “The burden of compliance has already become unsustainable for a lot of businesses. Sensitivity towards data privacy issues has shot up since the introduction of GDPR and cybersecurity standards have changed dramatically from point-in-time reviews to continuous, outcome-based processes.
“The post-Covid-19 economy is going to force businesses to be leaner and more efficient operationally and firms can’t afford to spend time and money on activity that isn’t furthering their commercial ambitions. IT teams need to start thinking differently about compliance and align these efforts more closely with their company’s wider strategic objectives if they are to enable, rather than inhibit, growth in the future.”
Alan Rodger, senior analyst at Coalfire’s research partner Omdia, said: “Despite the exponential growth in compliance obligations, our research shows that positive business and security outcomes are possible. By adopting new best practices, some organisations are reporting 40-50% compliance resource savings, and many are using their improved security posture as a competitive differentiator.”
Based on a survey of more than 100 prominent IT and security executives representing industries including technology, financial services, manufacturing, healthcare and government, Coalfire’s Compliance in the Era of Digital Transformation report shows how public and private sector organisations are developing to address the ever-growing burden of IT compliance.
Report key findings:
·Growing compliance obligations threaten to become unsustainable cost burdens – More than 51% of those surveyed are spending 40% or more of their IT security budgets on compliance.
·Compliance is a significant barrier to business performance – Nearly 60% of companies view compliance as a barrier to enter new markets.
·Organisations must transform their approach to compliance – Cyber standards are changing from point-in-time assessments to continuous, outcome-based compliance requirements; 66% indicate that technology with automation, ongoing visibility, and coordinated assessments are critical to compliance transformation and reducing audit fatigue and total cost of compliance.