This is the fourth and final post in my series on Understanding the Cost of Compliance, and in it I’ll discuss the per capita cost of compliance and non-compliance. The True Cost of Compliance report estimates the cost of compliance at $3.5M and the cost of non-compliance at $9.3M. In my conversations with practitioners, I’ve found that they are better able to benchmark themselves when they use the per capita cost of compliance findings.
A few outcomes become apparent when we look at this graph:
- Per capita costs are significantly higher for smaller organizations
- Larger organizations can take advantage of economies of scale — per capita cost is much lower
- The gap between compliance cost and non-compliance cost is much larger in smaller organizations — four times larger in organizations that have less than 1,000 employees versus one and a half times as much for organizations with more than 75,000 employees.
As we’ve discussed in previous posts, organizations experience both compliance and non-compliance costs. The goal is to utilize compliance investments to help improve security effectiveness.