A main motivation for compliance and robust information security is avoiding fines.
The average UK fine for data breaches and violation of data protection rules is now around £257,982.
According to research by ISMS.online, a survey of 502 information security professionals found 19% of businesses cite that their main motivation for compliance and robust information security is to avoid fines and penalties.
The research also found that current compliance processes can be demanding and time-consuming, with over 65% citing that it took between 6-18 months to meet compliance with GDPR alone. Similarly, 60% took the same length of time to comply with NIST and ISO27701, and 57% struggled to meet ISO270001 and The Privacy Act, needing as much as 18 months to do so.
“The landscape is certainly changing when it comes to compliance and fines. It is staggering to see that over 99% of businesses have received fines over the past 12 months, yet it seems that these penalties are now seen as a small part of the compliance story,” said Luke Dash, CEO of ISMS.online.
“Businesses previously saw compliance as a way to sidestep hefty fines and negative publicity, however as our research shows, competitive advantage, reputation and protecting information are now seen as the main benefits of compliance.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.