Compliance requirements threaten to become a major burden for business
More than half of companies questioned in a new survey are spending 40 percent or more of their IT security budgets on compliance.
The research from Coalfire, a provider of cybersecurity advisory and assessment services, in conjunction with consulting firm Omdia, also reveals that nearly 60 percent of companies view compliance as a barrier to entering new markets and preparing new services to meet compliance requirements.
"The compliance landscape has changed dramatically over the last 10 years," says Adam Shnider, executive vice president, cyber assurance services at Coalfire. "Our research confirms that resource burdens have become unsustainable to the point that there may be no light at the end of the tunnel for organizations that fail to adopt new cybersecurity compliance strategies."
The study also shows that companies need to adapt their approach. Cyber standards are changing from point-in-time assessments to continuous, outcome-based compliance requirements; 66 percent indicate that technology with automation, ongoing visibility, and coordinated assessments are critical to compliance transformation and reducing audit fatigue and total cost of compliance.
"Despite the exponential growth in compliance obligations, our research shows that positive business and security outcomes are possible," says Alan Rodger, senior analyst at Omdia. "By adopting new best practices, some organizations are reporting 40-50 percent compliance resource savings, and many are using their improved security posture as a competitive differentiator."
The full report is available from the Coalfire site and there's an infographic summary below.