May 11, 2018 By Shane Schick 2 min read

The average cost for organizations that fail to comply with data protection regulations is $14.82 million, a recent research study warned. These costs stem from a variety of issues, including disruption to business, legal settlement costs, and fees or penalties imposed by regulators.

The results of the report underscore the importance of preparing for upcoming privacy regulations such as the European Union (EU)’s General Data Protection Regulation (GDPR), which will take effect on May 25.

The Rising Cost of Complying With Data Protection Regulations

The effort required to comply with data privacy regulations is significant. The report estimated that audits, the development of incident response plans, staff certification and other compliance-related activities could add up to an average cost of $5.47 million, a 43 percent increase from 2011.

This jump reflects the increasing complexity of security risks and data privacy issues, the authors suggested. In addition, the average cost of establishing incident response strategies to achieve compliance increased by 64 percent between 2011 and 2017, while investment in technology went up by 36 percent.

The study, conducted by the Ponemon Institute on behalf of Globalscape, also noted that the cost of compliance varies from sector to sector, depending on the sensitivity of the data organizations must protect. For example, the average cost of complying with data protection regulations in the financial services industry is $30.9 million, versus just $7.7 million for media companies. Smaller organizations also tend to pay more for compliance, since larger firms are more likely to have in-house expertise and sophisticated data protection technologies.

Reducing the Cost of Compliance

The report revealed that the cost of noncompliance is 2.71 times higher than the cost of aligning with data protection regulations. The authors outlined several steps organizations can take to reduce expenses related to compliance. Centralizing the governance of compliance activities, for example, can save firms more than $3 million. Conducting compliance audits, meanwhile, can save up to $2.86 million.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today