Data protection compliance costs less than noncompliance
This article is part of the Information Security issue of February 2018, Vol. 20, No. 1
Research has shown that having a CISO can lower the cost of a data breach. But is there an effect on the cost of data protection compliance? In many industries, the value of data is increasing, and so is the cost of protecting sensitive and confidential information. Regulatory scrutiny of information security is higher in industries such as financial services and healthcare, but that doesn't mean other companies are off the hook. In addition to PCI DSS, HIPAA and state data-breach notification and privacy laws, international businesses now face the European Union's General Data Protection Regulation (GDPR), which takes effect in May 2018. Smaller companies -- with fewer than 5,000 employees -- in particular may be hit hard by data protection compliance costs. In a December 2017 report, "The True Cost of Compliance with Data Protection Regulations," the Ponemon Institute interviewed 237 functional leaders at 53 multinationals located in the United States and found that the average cost of compliance in fiscal year 2017 was $5.47 ...
Features in this issue
- CISOs map out their cybersecurity plan for 2018
  What's on the short list for enterprise cybersecurity programs in the coming year? As attack vectors increase -- think IoT -- we ask information security leaders to discuss their plans.
- David Neuman: The CISO position and keeping the cloud safe
  The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector.
Columns in this issue
- Data protection compliance costs less than noncompliance
  Smaller companies -- with fewer than 5,000 employees -- in particular may be hit hard by GDPR requirements and other data compliance hurdles. A new report does the math.
- Fred Cohen on strategic security: 'Start with the assumptions'
  Cohen is a globally recognized expert in information protection and cybersecurity. Since coining the term 'computer virus,' he has remained a pioneer in information assurance.