Data By the Book Expensive, But Noncompliance is More
January 31, 2011 – Data compliance initiatives can carry a big price tag, though ignoring those efforts can cost millions of dollars more, according to a vendor-sponsored study from the Ponemon Institute.
The institute found that data compliance for financial legislation like Sarbanes-Oxley or health care regulations like HIPAA on average cost multinational corporations $3.5 million, along with the difficulty of implementing those data programs. However, the impact on data disruption, loss of productivity, and fees with noncompliance carried a cost of up to $9.4 million, the study indicated.
The study was based on information from more than 150 business leaders from 46 multinational companies in various fields. Tripwire, an IT security and compliance solution company, backed the study by Ponemon Institute, which is the parent company of the Responsible Information Management Council.
At 79 percent, technology companies led in the gap between compliance and noncompliance registered in the study, followed by industries such as retail (76 percent), healthcare (72 percent) and financial services (25 percent).
The cost of standardizing and overseeing data compliance ventures varied by industry, with the energy sector leading the way at $24 million. The price of compliance versus inaction or unsteady oversight of required data also fluctuated by industry, with technology recording the largest difference ($9.4 million) and energy businesses noting the smallest difference ($2 million).
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said he hoped assigning dollar values to data compliance gives companies a real-world view of the money behind governance, risk and compliance issues.
"Companies that invest in compliance activities such as frequent audits, enabling technologies, staff training and operational processes will find the most success in reducing risk and realize the ROI associated with preventing or reducing noncompliance costs," Ponemon said in a news release.
For more on the study, click here.