After reading the third article this week about data breaches you realize it’s just a matter of time before you’re confronted with a compliance audit. It actually weighs on your mind a lot but when you try to take action you face resistance.
For your reports they don’t understand why they have to spend time on documentation and record keeping when no one has been checking and you haven’t had any problems.
And your CEO and CFO aren’t interested in investing current profits for a possible future problem.
When you’re confronting a “if it’s not broken, why fix it” mindset it is hard to get ahead of an issue before it’s a problem.
So start by pointing to the potential problems and minimize the “potential” part. Failing a compliance audit, or worse suffering a data breach due to compliance failure, has serious consequences for an organization.
Yes, there are possible fines that you will have to pay, plus the cost of the remediation, but those are small compared to the loss of trust and reputation you can suffer and the possible legal consequences.
In today’s knowledge economy your data is a strategic business asset. If there is lack of trust in the security and accuracy of your data there will be a lack of trust in your organization. The cost of “lack of trust” is enormous - just ask Equifax.
As the IT leader it is imperative you communicate this fact to your leadership and not let compliance ROI discussions focus solely on expenses. In fact investment in compliance can actually drive revenue by:
“demonstrating that data that is authentic, that is secure, that is accessible and that is factual actually helps companies make better decisions, faster decisions.“*
IT should lead on data security and integrity but it is a shared responsibility. Compliance in this area should be supported across the organization starting with the leadership team.
As the digital world expands be clear on the great risks of poor IT compliance but also emphasize the competitive advantage of getting it right!
*"The hunt for data analytics: Is your SIEM on the endangered list?" from searchsecurity.techtarget.com