Cybersecurity Compliance Still Not a Priority for Companies, IBM Survey Shows

Over the last few years, the most consistent data point in the IBM i Marketplace Survey Results is the ongoing cybersecurity threat, and this year was no exception. It showed that 62% of organizations consider cybersecurity a number one concern as they plan their IT infrastructure, with a further 22% citing regulations and compliance in their top five. Yet, while companies prioritizing security seem to be implementing multiple solutions, it’s still alarming that nearly half of them do not plan to implement them.

While it is clear that a sound, proactive stance on cybersecurity is crucial for any organization, the complexity of this process leaves many industry leaders feeling confused and overwhelmed. For many organizations, cybersecurity standards are just too complex to wrap their hands around, but that doesn’t mean it’s not necessary. Understanding how cybersecurity guidelines affect companies' legal standing can help encourage tighter security. 

Failure To Meet Various Regulations Can Result in Legal Consequences

Perhaps the most common cybersecurity law is the European Union’s General Data Protection Regulation (GDPR). While this is a European law, it can still apply to some US organizations. If a US-based company partners with firms in the EU, stores data in the EU or collects European consumers’ data, they must comply with GDPR. While these regulations may not affect most US companies, non-compliance can carry substantial ramifications for those that do.

For instance, China’s new Data Security Law applies to non-Chinese businesses if they store data within China or collect it from Chinese people. Non-compliance, on the other hand, can bring fines starting at $15,000 and can reach as high as $1.55m. The European data protection law is similarly punitive, charging almost tens of millions of dollars in some situations.

However, state data security regulations aren’t the only concern for companies seeking to extend their IT infrastructure. Many specific industries follow their own cybersecurity regulations as well. The most notable is the Health Insurance Portability and Accountability Act (HIPAA), which affects companies that handle healthcare data. Given how sensitive this data is, covered organizations under HIPAA must meet rigorous standards.

That means companies should be all eyes and ears when it comes to the security of their third-party apps and services as well their own systems. For instance, teleconference platforms like Zoom feature HIPAA-compliant systems, but not entirely. Using third-party apps that don’t fall under specific regulations could put companies in legal danger.

Failure to comply with industry-specific standards like HIPAA can cost businesses as much as $50,00 per violation, almost $1.5m a year. More severe standard breaches can lead to criminal charges and jail time. 

Taking a Strong Stance on Cybersecurity Compliance 

Most seasoned cybersecurity experts claim that data breaches and other cybersecurity incidents are not a matter of “if” but “when.” 

Cyber-attacks have impacted businesses and individuals for many years, but efforts to compromise sensitive data have grown significantly in recent times. And while companies prioritizing security seem to do just fine, those not compliant are feeling the burn.

Corporate investigation experts help these companies meet their obligations by providing comprehensive compliance consulting services. The Corporate investigation team offers deep insights into business compliance obligations and when and how governments target companies for compliance failures, from security law compliance to regulatory compliance in industry-specific sectors.

In order for these companies to be compliant, they need to first figure out what laws or regulations they need to comply with. For instance, every state in the US has data breach notification laws that demand entities to notify their customers in the event of a data breach. Corporate investigation experts can help industry leaders identify state-specific laws and requirements so they can avoid potential compliance violations and their repercussions.

Cybersecurity Compliance Brings Significant Benefits to the Business

Having sound cybersecurity compliance measures enables businesses to protect their reputation, maintain customer trust and build consumer loyalty by ensuring their sensitive data is safe and secure.

For instance, a strong response is critical to protect customer loyalty and business reputation during an uncertain and confusing time triggered by a data breach. According to Deloitte, 59% of customers said that a single data breach would negatively impact their impression of the company, while 51% would forgive the company as long as they quickly address the issue.

Compliance with the latest regulation helps companies identify, interpret and prepare for data breaches that can impact their business and ruin their reputation and customer trust.

On the other hand, companies subjected to different state regulations must facilitate the right of their clients to access data they have collected. Compliant businesses are required by these laws to provide any personal information stored about the user and information about how the data is being used and where it is stored upon the request of customers. That means industries and businesses alike must be able to locate data and access it promptly.

For example, businesses under the GDPR are only allowed to collect data from customers who opt-in the data collection process and also be able to “forget” a user when requested, removing all of their personal information and agreeing to stop distributing that information to third parties.

These requirements are pushing IT companies to rethink their data management processes in a way that supports not only privacy but enhanced operational efficiency. Companies can begin by auditing their existing data systems to find out whether customers agree with their data collection program. Following an audit, they can remove data files for customers that didn’t agree - and apply organizational systems that make the data indexed and searchable. 

With new regulatory requirements and industry standards affecting all industries, cybersecurity compliance remains a driving force underlying business success – and compliant sectors are sure to stay on the floating line. 

Brought to You by

What’s Hot on Infosecurity Magazine?