Latest Research Report
Why Compliance Pays

Excerpt

The amount spent on compliance and data protection is a very small percentage of the financial value that is at risk. With returns on investment in compliance for larger enterprises starting at 1,000 percent and improving to 100,000 percent, good compliance pays for itself.

Figure 7: Returns on compliance spending: Normative performers



Table of contents

Executive Summary

Key findings

Implications and analysis

Recommendations: Follow the leaders

Key Findings

Most firms continue to struggle with compliance

Compliance deficiencies, business disruptions and data losses

Firms that do well on compliance have the fewest business disruptions

Firms that do well on compliance have the fewest data losses and thefts

Publicly exposed and reported data loss/theft: When, not if

Financial losses from publicly exposed data loss and theft

Share price declines for publicly traded companies

Customer and revenue losses

Expenses and costs

Financial returns for compliance and data protection

Leaders cracked the code: Operational excellence in IT

More and appropriate IT controls

Fewer control objectives

High standards and key performance indicators

More frequent monitoring and measurement

Automation of spending to automate controls monitoring

Why compliance pays

Appendix A: Probability of publicly reported data losses

Appendix B: Financial losses and IT policy compliance

About the benchmarks

List of Figures

Figure 1: Business disruptions and compliance profiles

Figure 2: Unreported data losses, thefts, and compliance profiles

Figure 3: Average time to public exposure of data loss and theft

Figure 4: Stock price declines for publicly exposed data loss/theft

Figure 5: Customer and revenue losses for publicly exposed data loss/theft

Figure 6: Costs per lost customer record

Figure 7: Returns on compliance spending: Normative performers

Figure 8: Primary causes of compliance deficiencies: IT general controls

Figure 9: Appropriate number of IT controls: Laggards to leaders

Figure 10: KPI results: Laggards to leaders

Figure 11: Frequency of monitoring and measurement

List of Tables

Table 1: Compliance deficiencies, business disruptions, data losses and thefts

Table 2: Financial risk appetites by size of organizations

Table 3: Years to disclosure for publicly exposed data thefts and losses

Table 4: Returns on spending for compliance and data protection

Table 5: Number of control objectives

Midsize organizations let 162 days pass between IT audit and monitoring cycles. That is roughly eight times longer than the industry leaders, whose organizations monitor IT compliance every 21 days.