From Data Breach Fatigue to Compliance Fatigue

By: Arieanna Schweber | 3/30/2015

The continual barrage of data breaches, intensified media scrutiny, and tighter requirements for data breach notification have led to a situation of data breach fatigue. With 2.1 data breaches per day in 2014, consumers became apathetic. Executives began to feel that both prevention and remediation were futile. These feelings, all around, have dangerous repercussions.

Adding to this feeling of data breach fatigue is a related phenomenon affecting organizations: compliance fatigue. As explored by Taylor Armerding on CSO Online, the compliance requirements, often from overlapping regulators as we’ve been exploring, can definitely make organizations “feel like they are drowning in a sea of regulations.” Organizations are not keeping up.

A recent report from Verizon showed that PCI compliance was up, but only to 20%. Although this represents only one industry regulator, compliance is a struggle for all organizations, despite intentions to meet the requirements. In some cases it’s an inability to meet the requirements; in other cases, employees wilfully circumvent requirements to get work done. A portion could also be attributed to compliance fatigue, as explained by Craig Isaacs, CEO of Unified Compliance Framework:

“Compliance is already out of control, and we expect security regulations and standards to become increasingly stringent in the year ahead. Most organizations have no idea what is actually required of them because they have no way of seeing all the requirements at once."

Even if 100% compliance may never be achievable, mistakes do happen and even the best prepared organization could still suffer a breach, it is possible to move further toward compliance. As suggested in the article, a process of simplifying data (reducing what is stored, limiting where it is stored) can make protecting said data less complicated. Implementing persistent systems that can remotely delete data at risk, or alert you if a device or the data contains is at risk, is one part of a layered approach to data protection that can help simplify compliance.

Contact us to learn how Absolute Software can help your organization navigate the choppy regulatory landscape and to mitigate the ever-increasing data security risks.

Financial Services