One-third of organizations maintain more than 25 published policies and more than two-thirds maintain more than five policies
KnowBe4, provider of the world’s largest security awareness training and simulated phishing platform, today announced the release of a research report on compliance management. The research surveyed 1,872 cybersecurity professionals and is timely, as these practitioners are navigating changing compliance standards such as GDPR, which launched last week.
Key findings from the report include:
· The penalties for failing to comply with the various regulations to which organizations are subject can be significant (such as GDPR’s penalty of up to €20 million or 4 percent of annual global revenue) and can create a variety of both financial and non-financial consequences.
· Most organizations must track a significant number of internal controls and business processes in order to become compliant with the various regulations and regulatory frameworks to which they are subject.
· The vast majority of organizations surveyed go through at least two internal and/or external audits each year, but more than 15 percent go through six or more such audits each year.
· Nearly two-thirds of the organizations surveyed are using spreadsheets to manage their compliance process, but the use of spreadsheets is an inefficient way to manage the compliance- and audit-related tasks for all but the smallest organizations.
· Most organizations have either not evaluated compliance and audit management products (forty-two percent) or have done so in the past (forty percent), but fifty-one percent are interested in the use of SaaS-based applications that would reduce the time required to satisfy their compliance goals and that would significantly reduce the costs associated with compliance management.
· The research found that most organizations maintain a significant number of published policies: one-third of the organizations surveyed maintain more than 25 published policies and more than two-thirds maintain more than five.
The report notes that one of the problems with managing so many compliance policies is that the management problem is not linear. Because there are interrelationships between policies, such as managing the same data sets in different ways, managing 10 different compliance policies is more than twice as difficult and complex as managing just five. Consequently, the growing number of compliance policies that organizations must address means either that a growing share of IT resources must be devoted to managing these policies, or that new ways of managing compliance must be found.
“It’s vital for organizations of all sizes to have the right tools to properly manage their varied compliance needs,” said Stu Sjouwerman, CEO, KnowBe4. “That’s why KnowBe4 offers the KnowBe4 Compliance Manager – ideal for those looking to replace outdated spreadsheets with an easier, more manageable solution to comply with so many regulations and laws.”
KnowBe4 Compliance Manager (KCM) simplifies the complexities of ongoing compliance initiatives and reduces the burdens that organizations face during auditing cycles. With easy implementation and automation, the tool is both time- and cost-efficient.
To download the full research report, get it here. For more information on KnowBe4, visit www.knowbe4.com.
About KnowBe4
KnowBe4, the provider of the world’s largest integrated new-school security awareness training and simulated phishing platform, is used by more than 18,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Thousands of organizations trust KnowBe4 to mobilize their end-users as the last line of corporate IT defense.
KnowBe4 is number 231 on the 2017 Inc. 500 list, #70 on 2017 Deloitte’s Technology Fast 500 and #2 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in England and the Netherlands.