Compliance Complacency: Are your Compliant
Data is power. It’s a prime commodity for businesses, which in turn means it is constantly under threat. Just try and think back to a week where a data breach or cyber attacks did not hit the headlines, and you’ll struggle. Not only are these threats a growing problem for any organisation, but the issue becomes more paramount when combined with upcoming changes in compliance. The surge of data created by the digital age has called for a change in how organisations store and handle it. The consequences of non-compliance are well-documented by now, whether that’s in the form of a fine, insolvency or even closure.
Surely then it can be assumed that this issue is being taken sufficiently seriously by organisations across all industries? Initial findings from our recent global research[1] suggest otherwise.
Our inaugural The Little Book of IT study found that in the UK, 30 per cent of business respondents who classified their security technology as “fully implemented/integrated,” reported that no security improvements could be made. This bold assumption would infer that over a third of businesses believe their systems are fully prepared to deal with the security challenges facing them, and may explain why a seemingly inadequate 10% of IT budget is being spent on security provisions (which represents only 2.25% growth over the previous year’s expenditure, with next year’s spend set to be marginally even less at 1.86%). Whilst it’s nigh-on impossible to keep pace with cyber criminals, it is none-the-less vital to constantly evaluate the security protocols and tools an organisation has in place. To do otherwise is to risk leaving itself (and anyone connected to its systems) a sitting duck.
Surprisingly, the research also found that remaining secure to cyber threats is only the second highest IT priority, after changing IT infrastructure and cloud adoption. Businesses are either extremely relaxed or perilously unaware of the changing responsibilities and liabilities around compliance. Have we entered a period of compliance complacency? To do so would be unwise, given the upcoming changes in regulation. To add salt into the wound, just over half of respondents (51% stated they had been offered training to regulatory compliance.
It’s not the first time that the complacency label has been banded around when it comes to security (especially when pinning down responsibility) – and the above stats do infer such a laissez faire attitude. That said, a deeper dive into this research unveiled a far more complex situation. On further questioning, security was the number one factor taken into consideration when adopting new technology.
With this in mind it would seem less like complacency, and more confusion – with some areas of the business placing it with greater importance than others. What’s needed then is a more cohesive and integrated security and data integrity strategy. One that embraces all employees, albeit tailored to their specific business roles.
The changing cyber landscape has an impact upon, and requires responsibility from, everyone in the business: from the CEO through to freelance staff and not just the IT department. Security is just one aspect of a business’ IT strategy and teams still have to ensure both the day-to-day running of IT environments whilst still implementing the initiatives which it is hoped will help deliver enhanced business outcomes.
As The Little Book of IT study revealed, the issues and challenges of doing so are numerous. Whether it’s budget constraints impacting security in some way (48%) modernising legacy systems (65%), both are stealing time and focus from innovation. Meanwhile cloud adoption (52%), business analytics (37%) and digitalisation 35% exert great pressure – whether positive or negative – meaning the modern-day IT department has rather a lot to contend with.
In the same way that no man is an Island, no organisation or IT department should be either. With all the challenges facing them is it any wonder that security and compliance is treated as a mutable priority? That said, regardless of the pressures ITDMs face, it doesn’t change security’s importance to the entire business – especially in the era of Digital Transformation and ever imaginative cyber-attacks.
With so many moving parts and layers within any business – let alone myriad dependencies and demand within and without the organisation – getting a handle on existing and emerging threats can seem insurmountable. There are so many routes towards ensuring the security of environments, networks and applications. There’s the human element too – staff, contractors, suppliers – all of whom can help or hinder compliance, security and operational integrity.
So…If resources are stretched. If immutable compliance deadlines loom. If there’s a skills gap.
Working with an expert partner can help. Not only can this augment scarce or stretched resources, it means businesses have an army of knowledge to hand – ideally one capable of delivering robustness, resilience, integrity, availability as well as compliance and security. And across technologies on both sides of the hybrid IT divide. Capable of communicating just as effectively in the board room as the data room… To staff as well as suppliers… To brains wired for business as much as those wired for technology.
A partner to help you identify, negotiate and overcome the ever changing and emerging threat-scape all companies face. Be that compliance or otherwise.