Have we entered an age of Compliance Complacency?

Daren Howell

business continuity expert at Sungard Availability Services

Views 439

Have we entered an age of Compliance Complacency?

10.01.2018 05:45 pm

Data is power. It’s a prime commodity for businesses, which in turn means it is constantly under threat. Just try and think back to a week where a data breach or cyber attacks did not hit the headlines, and you’ll struggle. Not only are these threats a growing problem for any organisation, but the issue becomes more paramount when combined with upcoming changes in compliance. The surge of data created by the digital age has called for a change in how organisations store and handle it. The consequences of non-compliance are well-documented by now, whether that’s in the form of a fine, insolvency or even closure.

Surely then it can be assumed that this issue is being taken sufficiently seriously by organisations across all industries? Initial findings from our recent global research[1] suggest otherwise.

Our inaugural The Little Book of IT study found that in the UK, 30 per cent of business respondents who classified their security technology as “fully implemented/integrated,” reported that no security improvements could be made. This bold assumption would infer that over a third of businesses believe their systems are fully prepared to deal with the security challenges facing them, and may explain why a seemingly inadequate 10% of IT budget is being spent on security provisions (which represents only 2.25% growth over the previous year’s expenditure, with next year’s spend set to be marginally even less at 1.86%). Whilst it’s nigh-on impossible to keep pace with cyber criminals, it is none-the-less vital to constantly evaluate the security protocols and tools an organisation has in place.  To do otherwise is to risk leaving itself (and anyone connected to its systems) a sitting duck.

Surprisingly, the research also found that remaining secure to cyber threats is only the second highest IT priority, after changing IT infrastructure and cloud adoption. Businesses are either extremely relaxed or perilously unaware of the changing responsibilities and liabilities around compliance. Have we entered a period of compliance complacency? To do so would be unwise, given the upcoming changes in regulation. To add salt into the wound, just over half of respondents (51% stated they had been offered training to regulatory compliance.

It’s not the first time that the complacency label has been banded around when it comes to security (especially when pinning down responsibility) – and the above stats do infer such a laissez faire attitude. That said, a deeper dive into this research unveiled a far more complex situation. On further questioning, security was the number one factor taken into consideration when adopting new technology.

With this in mind it would seem less like complacency, and more confusion – with some areas of the business placing it with greater importance than others. What’s needed then is a more cohesive and integrated security and data integrity strategy.  One that embraces all employees, albeit tailored to their specific business roles.   

The changing cyber landscape has an impact upon, and requires responsibility from, everyone in the business: from the CEO through to freelance staff and not just the IT department. Security is just one aspect of a business’ IT strategy and teams still have to ensure both the day-to-day running of IT environments whilst still implementing the initiatives which it is hoped will help deliver enhanced business outcomes.

As The Little Book of IT study revealed, the issues and challenges of doing so are numerous. Whether it’s budget constraints impacting security in some way (48%)   modernising legacy systems (65%), both are stealing time and focus from innovation.  Meanwhile cloud adoption (52%), business analytics (37%) and digitalisation 35% exert great pressure – whether positive or negative – meaning the modern-day IT department has rather a lot to contend with.

In the same way that no man is an Island, no organisation or IT department should be either. With all the challenges facing them is it any wonder that security and compliance is treated as a mutable priority?  That said, regardless of the pressures ITDMs face, it doesn’t change security’s importance to the entire business – especially in the era of Digital Transformation and ever imaginative cyber-attacks.

With so many moving parts and layers within any business – let alone myriad dependencies and demand within and without the organisation - getting a handle on existing and emerging threats can seem insurmountable. There are so many routes towards ensuring the security of environments, networks and applications. There’s the human element too – staff, contractors, suppliers – all of whom can help or hinder compliance, security and operational integrity. 

So…If resources are stretched. If immutable compliance deadlines loom. If there’s a skills gap.

Working with an expert partner can help. Not only can this augment scarce or stretched resources, it means businesses have an army of knowledge to hand – ideally one capable of delivering robustness, resilience, integrity, availability as well as compliance and security.  And across technologies on both sides of the hybrid IT divide.  Capable of communicating just as effectively in the board room as the data room...  To staff as well as suppliers...  To brains wired for business as much as those wired for technology.

A partner to help you identify, negotiate and overcome the ever changing and emerging threat-scape all companies face. Be that compliance or otherwise.

Latest blogs

Breana Patel Bonova Advisory/Risk & Regulatory Advisory

Crypto Firms Excel in Technical Expertise But Have Little Understanding of Risk

Crypto Firms have great technologies that address a lot of challenges and open up an entire new world of doing business. In conversation with CoinFi's CEO Timothy Tan about how regulations and risk management will be a competitive advantage for Read more »

Angus Burrell AltaPay, a Valitor company

Meeting customer demand - striking the right balance

Businesses run on balance sheets – where assets and liabilities are held in equilibrium. If a business wants to invest in one area, it must generate the resources from another. If the balance is out, then the business simply can’t work. The analogy Read more »

Brandon Li Austreme

Brand Protection: Combating Online Counterfeit with AI

Online sales of branded and luxury items have been rising drastically, in the recent decade. While all the brands are investing big money on establishing online stores, organizing marketing campaigns and doing all the operation enhancements, on the Read more »

Javid Khan Pulsant

Using Cloud to Relieve the Compliance Burden

A recent survey of more than 360 enterprises revealed that 86% are dealing with the complexity of multiple types of data and/or data-related processes subject to privacy and security compliance requirements. Just 61% say that their organisations are Read more »

Lina Adolf-Orup Fingerprints

Fingerprint on the Pulse: Biometric Payment News

It’s quite hard to believe that we’re already entering Q4. For the biometrics industry, it’s been a unique and exciting year – one marked largely by its increasing convergence with the world of payments. For payments and biometric lovers alike, it Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App