Skip to content ↓ | Skip to navigation ↓

The True Cost of Compliance Report published in late January by the Ponemon Institute has generated some rich conversations within the infosec community as well as two great interviews with Dr. Ponemon by industry thought leaders.

This multinational benchmark study uncovers the economic impact of compliance to the business, and helps us determine if the investments we’re making on compliance are helping with our data protection and privacy efforts. In interviews and webcasts conducted since the report was published, Dr. Ponemon has discussed the problem of security being ‘invisible’ to the C-Level in many organizations until a data breach occurs. This study sets a precedent in using empirical data to estimate the full economic impact of compliance and non-compliance.

In Episode 232 of the Network Security Podcast, Martin McKeay (@mckeay) interviewed Dr. Ponemon (@PonemonPrivacy), delving into the details of the study by asking his own illuminating questions in addition to questions from the infosec Twitter community.

Martin Fisher (@armorguy) also interviewed Dr. Ponemon for Episode 47 of the Southern Fried Security Podcast (@SFSPodcast), asking some pointed questions to shed more light on the costing model used to arrive at $3.5 million and $9.4 million for the respective costs of compliance and non-compliance.

Both are thought-provoking listens that help extract more insight and usability out of the report’s findings.

Additional Resources:

Recorded Webcast with Dr. Larry Ponemon on “The True Cost of Compliance Report”

The True Cost of Compliance Report

Understanding the Cost of Compliance — Part I by @cindyv

Understanding the Cost of Compliance — Part II by @cindyv

Understanding the Cost of Compliance — Part III by @cindyv