Have we entered an age of compliance complacency?
06 November 2017
Daren Howell, business continuity expert at Sungard Availability Services, looks at how businesses are extremely relaxed or dangerously unaware of the changing responsibilities and liabilities around compliance.
Data is power. It’s a prime commodity for businesses, which in turn means it is constantly under threat. Just try to think back to a week in which a data breach or cyber attack did not hit the headlines, and you’ll struggle. Not only are these threats a growing problem, but the issue becomes more pressing when combined with upcoming changes in compliance.
The surge of data created by the digital age has called for a change in how organisations store and handle it. The consequences of non-compliance are well-documented by now, whether that’s in the form of a fine, insolvency or even closure. Surely it can be assumed that this issue is being taken sufficiently seriously across all industries? Initial findings from our recent global research suggest otherwise.
Our inaugural The Little Book of IT study found that in the UK, 30 per cent of business respondents who classified their security technology as “fully implemented/integrated” reported that no security improvements could be made.
This bold assumption would imply that over a third of bosses believe their systems are fully prepared to deal with the security challenges facing them, and may explain why a seemingly inadequate ten per cent of IT budget is spent on security provisions (which represents only 2.25 per cent growth over the previous year’s expenditure, with next year’s spend set to be even less at 1.86 per cent).
Whilst it’s impossible to keep pace with cyber criminals, it is nonetheless vital to constantly evaluate the security protocols and tools an organisation has in place. To do otherwise is to risk leaving itself (and anyone connected to its systems) a sitting duck.
Surprisingly, the research also revealed that remaining secure against cyber threats is only the second-highest IT priority, following IT infrastructure and cloud adoption. Businesses are either relaxed or perilously unaware of the changing responsibilities and liabilities around compliance. So have we entered a period of compliance complacency? To do so would be unwise. To rub salt into the wound, 51 per cent stated they had been offered training on regulatory compliance.
It’s not the first time the complacency label has been bandied around when it comes to security – and the above statistics do imply such a laissez-faire attitude. That said, a deeper dive into the research shows a more complex situation. On further questioning, security was the number one factor taken into consideration when adopting new technology.
With this in mind it would seem less like complacency and more like confusion – with some areas of the business placing greater importance on it than others. What’s needed then is a cohesive security and data integrity strategy. One that embraces all employees, albeit tailored to their business roles.
The changing cyber landscape has an impact upon, and requires responsibility from, everyone in the business: from the CEO through to freelance staff – not just the IT department. Security is just one aspect of a business’ IT strategy, and teams still have to ensure the day-to-day running of IT environments whilst implementing the initiatives which it is hoped will help deliver enhanced business outcomes.
As was revealed, the issues and challenges of doing so are numerous. Whether it’s budget constraints impacting security in some way (48 per cent) or modernising legacy systems (65 per cent), both are stealing time and focus from innovation. Meanwhile cloud adoption (52 per cent), business analytics (37 per cent) and digitalisation (35 per cent) exert great pressure, meaning the modern-day IT department has a lot to contend with.
In the same way that no man is an island, no organisation or IT department should be either. With all these challenges is it any wonder security and compliance are treated as a mutable priority? That said, regardless of the pressures being faced, it doesn’t change security’s importance.
With so many moving parts and layers within any business, getting a handle on existing and emerging threats can seem insurmountable. There are so many routes towards ensuring the security of environments, networks and applications. There’s the human element too, all of whom can help or hinder compliance, security and operational integrity. So, if resources are stretched. If immutable compliance deadlines loom. If there’s a skills gap.
Working with an expert partner can help. Not only can this augment scarce or stretched resources, it means businesses have an army of knowledge to hand – and across technologies on both sides of the hybrid IT divide. Capable of communicating just as effectively in the board room as the data room, to staff as well as suppliers, and to brains wired for business as much as those wired for technology.
A partner to help you identify, negotiate and overcome the ever-changing and emerging threat-scape all companies face. Be that compliance or otherwise.
Daren Howell is business continuity expert at Sungard Availability Services