Tripwire, a Portland, Ore.-based provider of IT security and compliance automation solutions, and the Traverse City, Mich.-based Ponemon Institute announced the results of the first benchmark study to estimate the costs associated with an organization's compliance efforts.
In-depth conversations with 160 business leaders spanning 46 multinational companies in multiple verticals revealed that dedicated investments in compliance activities—to meet common regulations such as PCI, Sarbanes-Oxley and HIPAA—are not only a critical component of a comprehensive enterprise security strategy, but can also offer return on investment over time. The average cost of compliance was found to be more than $3.5 million. The cost of non-compliance, however, came in significantly higher, at an estimated $9.4 million, or about 2.65 times the cost of compliance.
Data protection and enforcement activities ranked among the most expensive compliance activities, and business disruption and loss of productivity were found to be the most significant consequences for companies that did not achieve or maintain compliance. Among external requirements, PCI DSS, state privacy and data protection laws, the European Union Privacy Directive and Sarbanes-Oxley were named as the main drivers of compliance investment, and also as among the most difficult requirements to comply with.