White Papers for Health Insurance Portability and Accountability Act (HIPAA)
Why Compliance Pays: Reputations and Revenues at Risk - Research Report
IT Policy Compliance Group
The amount spent on compliance and data protection is a very small percentage of the financial value that is at risk. With returns on investment in compliance for larger enterprises starting at 1,000 percent and improving to 100,000 percent, good compliance pays for itself.
Table of contents
Executive Summary
Key findings
Implications and analysis
Recommendations: Follow the leaders
Key Findings
Most firms continue to struggle with compliance
Compliance deficiencies, business disruptions and data losses
Firms that do well on compliance have the fewest business disruptions
Firms that do well on compliance have the fewest data losses and thefts
Publicly exposed and reported data loss/theft: When, not if
Financial losses from publicly exposed data loss and theft
Share price declines for publicly traded companies
Customer and revenue losses
Expenses and costs
Financial returns for compliance and data protection
Leaders cracked the code: Operational excellence in IT
More and appropriate IT controls
Fewer control objectives
High standards and key performance indicators
More frequent monitoring and measurement
Automation of spending to automate controls monitoring
Why compliance pays
Appendix A: Probability of publicly reported data losses
Appendix B: Financial losses and IT policy compliance
About the benchmarks
List of Figures
Figure 1: Business disruptions and compliance profiles
Figure 2: Unreported data losses, thefts, and compliance profiles
Figure 3: Average time to public exposure of data loss and theft
Figure 4: Stock price declines for publicly exposed data loss/theft
Figure 5: Customer and revenue losses for publicly exposed data loss/theft
Figure 6: Costs per lost customer record
Figure 7: Returns on compliance spending: Normative performers
Figure 8: Primary causes of compliance deficiencies: IT general controls
Figure 9: Appropriate number of IT controls: Laggards to leaders
Figure 10: KPI results: Laggards to leaders
Figure 11: Frequency of monitoring and measurement
List of Tables
Table 1: Compliance deficiencies, business disruptions, data losses and thefts
Table 2: Financial risk appetites by size of organizations
Table 3: Years to disclosure for publicly exposed data thefts and losses
Table 4: Returns on spending for compliance and data protection
Table 5: Number of control objectives
View the White Paper