Rachael, my three year old, is big on risks. It is her fingerprint on the universe, I am convinced.
She scares me.
According to Ponemon Institute research on the ‘True Cost of Compliance,’ the average cost for an organization that experiences non-compliance-related problems is almost $9.4 million.
Typically risks hold the promise of a reward. Can you name one reward that is inherent in a $9.4 million bill?
I can’t either.
Can reputational risks be computed long term? Is it a fixed number?
Please send me your mathematical computations if you have discovered a concrete formula that produces a fixed outcome. If one does exist, there may be hope of containing the damage when an organization is pinched for non-compliance.
Maybe we can ask Equifax?
As of the writing of this post, no such formula exists. None ever will.
Run like hell from these 6 Compliance Risks
- Pay to ‘earn’ your customers’ trust: When trust is broken with clients, organizations must be ready and willing to pay to restore it. There is no guarantee. But if they want a shot at survival, they must be willing to remedy the problem that their non-compliance caused, either monetarily or via free credit monitoring.
- Lawsuits: A law firm in Florida is currently building a case against Yahoo for the 2016 data breach of 500 million stolen user accounts. Can you guess the cost of this highly publicized breach? Read more on the class action suit here.
- Bank fines: Banks only ‘foot the bill’ in theory when your customers’ credit cards are fraudulently used. In reality, the fees and fines will most likely be passed along to the organization.
- Government imposed audits: Don’t mess with the Feds. The Federal Trade Commission (FTC) delights in monitoring organizations that fail PCI DSS compliance, especially when a large number of U.S. citizens’ information has been compromised. The FTC may, at will, decide that not only will your organization pay a heavy fine, but that it will gleefully audit you regularly. Read more on the Target data breach here.
- Loss of revenue: The high price already mentioned above does not account for the fact that if people can’t trust you with their sensitive data, they will not trust you with their business. They will take their wallets elsewhere.
- Damaged reputation: A damaged reputation is broken trust. If you have lived even a little, you know how difficult it is to repair trust in personal relationships. How much more so on the grand scale of a massive data breach? A data breach is a public relations tsunami.
So now that I have completely negged you out about compliance risks, here is an idea:
A compliance manager designed with simplicity in mind will save you time and effort and cost less.
Imagine a solution that lets you assign responsibility for controls to the users who are responsible for the audit evidence. Wouldn’t the spike in accountability greatly reduce your compliance risks?
Here is a list of available pre-built compliance requirements templates offered for the KnowBe4 Compliance Manager:
- ISO 27001
- NIST SP800-53
- NIST Cybersecurity Assessment Tool
- SANS Top 20 Critical Security Controls
- COSO Fundamentals
- ACCSC Accreditation
You can also build your own using the custom templates feature.
Most organizations track compliance using spreadsheets, word processors or self-maintained software such as SharePoint. This is inefficient, error prone, costly, and a risk in itself.
Let my three year old stay in her world for now. She can afford to.
But you, my friend, will be slapped with more than a ‘time out’ if you become a victim of compliance risks.
Sources:
- Globalscape: Out of order! The Risks of Being out of Compliance
- ThinkTech: Manage reputational risk and IT