Over 99% of UK businesses received hefty fines for data breaches or violation of data protection rules over the last year, according to ISMS.online research
June 2024 by ISMS.online
Over the past year, more than 99% of UK businesses have received fines for data breaches or violation of data protection rules, according to research into the ‘State of Information Security’ by ISMS.online, the auditor-approved compliance platform. The findings highlight the complexity of mounting legislation and the challenges of meeting multiple compliance requirements.

This year has seen an influx of large-scale breaches, and the UnitedHealth Group ransomware attack in April this year is one example of the huge financial impact these breaches can have. That attack alone resulted in the Change Healthcare platform being suspended, with the BlackCat/ALPHV group claiming to have stolen 6 TB of data, and led to a massive $872 million loss.
As data breaches continue to surge, government entities and trade bodies are in turn trying to meet these challenges with updates to, and implementation of, regulations and compliance mandates. Equally, businesses are prioritising cybersecurity. According to the UK Cyber Security Breaches Survey 2024, three-quarters of businesses (75%) reported that cybersecurity is a high priority for their senior management, and many organisations have continued to invest either the same amount or more in cybersecurity over the last 12 months. This is in part a response to the perceived increase in the number of cyber-attacks and their sophistication.
Despite continued investment, ISMS.online’s survey of 502 information security professionals in the UK found that businesses are still falling foul of data breaches. The average UK fine for data breaches and violation of data protection rules now amounts to £257,982. That said, only 19% of businesses say that their main motivation for compliance and robust information security is to avoid fines and penalties. Increased customer demand (34%), protecting business information (33%) and remaining competitive (30%) rank as the top three motivations.
Luke Dash, CEO of ISMS.online, commented, “Businesses are failing to recognise that compliance and security come hand in hand, and if they want to protect their information and maintain their custom, meeting regulatory requirements will put them in a good position to do so. It will also demonstrate their willingness to put their customers and their data first. Should a breach occur, this should ease any financial repercussions, but will certainly bode well for loyalty and reputation to enable businesses to remain competitive despite any incident and setbacks that may ensue.”
This is supported by the findings: a mere 22% of respondents believe that complying to avoid fines and penalties has provided a decent return on their investment in information security compliance programmes. The largest share (32%) cite enhancing their business reputation as a secure, reliable entity as the best ROI.
“The landscape is certainly changing when it comes to compliance and fines. It is staggering to see that over 99% of businesses have received fines over the past 12 months, yet it seems that these penalties are now seen as a small part of the compliance story.
“Businesses previously saw compliance as a way to sidestep hefty fines and negative publicity, however as our research shows, competitive advantage, reputation and protecting information are now seen as the main benefits of compliance”, Dash added.
Positively, businesses do seem to be recognising that building effective information security foundations is essential for compliance, and it is encouraging to see that 45% of the ISMS.online survey respondents noted that their businesses plan to increase their information security budget by up to 25% in the coming year to do so. This provides critical assurance to customers, shareholders and regulators.
The research also found that current compliance processes can be demanding and time-consuming, with over 65% saying that it took between 6 and 18 months to meet compliance with GDPR alone. Similarly, 60% took the same length of time to comply with NIST and ISO 27701, and 57% struggled to meet ISO 27001 and The Privacy Act, needing as much as 18 months to do so.
“This is just a snapshot of the legislation businesses are facing and these rising regulatory fines, as highlighted by the ISMS.online research, prove there’s still some way to go. But compliance doesn’t need to be as onerous. As auditors, it’s our job to identify conformity with standards and, therefore, aid businesses in meeting the mounting requirements within these to help them reduce the risk of a breach.
“There are solutions now that can streamline and automate these conformity audits, reducing manual tasks and enabling successful audit engagements. Being able to eliminate the frustration of sorting through diverse and complex systems and making audits more straightforward could be the difference between saving thousands or losing hundreds of thousands and your reputation to boot”, said Warwick Tams, Head of Sales, Alcumus ISOQAR.
– ends-
Research Methodology
ISMS.online commissioned the leading independent market research firm Censuswide to conduct the research, with a sample of 1,526 respondents who work in information security across 10 sectors, including technology, manufacturing, education, energy and utilities, and healthcare, in the UK (502), USA (518) and Australia (506). The research uncovers the main information security and compliance challenges facing organisations in these regions. The survey fieldwork took place between 22.03.2024 and 02.04.2024.