Compliance budgets frozen

Nearly half of businesses have static compliance budgets and rely on labour-intensive manual processes, despite 72% of organisations now viewing compliance as a priority.

  • Wednesday, 18th November 2015 Posted 9 years ago in by Phil Alsop
72% of businesses view regulatory compliance as a high priority, but despite this more than half (53%) have cut or frozen their budgets for compliance and risk management, according to a new survey conducted by SureCloud
 
With IT departments facing increasing data protection requirements and with limited resources, more than a quarter (27%) said that they had experienced a security incident leading to a data breach in the past year.  Nearly 10% admitted that they did not know what all of their business compliance requirements were.
 
The survey of 130 UK IT and infosecurity professionals found that 61% of organisations use manual, spreadsheet based processes for risk management, or have no process of any kind in place.  65% also reported that their organisation relied on manual processes for handling compliance processes, or have no formal process in place.  A quarter of respondents admitted that their organisation did not conduct annual risk assessments.
 
SureCloud CEO Richard Hibbert commented: “Business compliance requirements are growing, and it is becoming progressively more challenging for organisations to have an overview of their risk and compliance status across the business – especially when they are relying on manual, paper-based processes to do so.  With IT departments seeing their compliance budgets cut in real terms, businesses run the risk of falling short of compliance standards, incurring penalties and even suffering data loss incidents.”
 
The compliance regulations that organisations identified as having to meet included ISO 27000 (49%), PCI DSS (39%), and a range of other quality management, business continuity and risk management standards, highlighting the complexity and breadth of requirements business are attempting to meet.
 
“Automating processes makes it easier for companies to get a clear view of their compliance and risk profile from a business perspective, helping to minimise their exposure to risks while saving IT teams both time and costs,” added Hibbert, “This quickly realises key strategic and operational benefits, and provides a solid foundation for future business planning.”