72% of businesses view regulatory compliance as a high priority, but despite this more than half (53%) have cut or frozen their budgets for compliance and risk management, according to a new survey conducted by SureCloud, a supplier of Cloud-based Governance, Risk and Compliance (GRC) solutions and security services.
With IT departments facing increasing data protection requirements and with limited resources, more than a quarter (27%) said that they had experienced a security incident leading to a data breach in the past year. Nearly 10% admitted that they did not know what all of their business compliance requirements were.
The survey of 130 UK IT and infosecurity professionals found that 61% of organisations use manual, spreadsheet based processes for risk management, or have no process of any kind in place. 65% also reported that their organisation relied on manual processes for handling compliance processes, or have no formal process in place. A quarter of respondents admitted that their organisation did not conduct annual risk assessments.
SureCloud CEO Richard Hibbert commented: “Business compliance requirements are growing, and it is becoming progressively more challenging for organisations to have an overview of their risk and compliance status across the business – especially when they are relying on manual, paper-based processes to do so. With IT departments seeing their compliance budgets cut in real terms, businesses run the risk of falling short of compliance standards, incurring penalties and even suffering data loss incidents.”
The compliance regulations that organisations identified as having to meet included ISO 27000 (49%), PCI DSS (39%), and a range of other quality management, business continuity and risk management standards, highlighting the complexity and breadth of requirements business are attempting to meet.
“Automating processes makes it easier for companies to get a clear view of their compliance and risk profile from a business perspective, helping to minimise their exposure to risks while saving IT teams both time and costs,” added Hibbert, “This quickly realises key strategic and operational benefits, and provides a solid foundation for future business planning.”
SureCloud is a rapidly growing Security, Risk and Compliance Cloud Service Provider. We focus on best of breed Security, Risk and Assurance applications that include Vulnerability Management, Risk Management, Policy Management, Compliance Management, Internal Audit, Incident Management, Business Continuity Management and Third Party Risk Management. Applications are built and delivered with the SureCloud Platform, which provides a simple yet realistic alternative to spreadsheet‐based processes.
In addition, SureCloud’s security testing and assurance services team help organisations secure their information assets, systems and data. Security Services include network and application penetration testing, physical security and social engineering, design and architecture review, information security consulting, a range of managed services, and bespoke services tailored to the customer’s requirements. SureCloud Services are also underpinned by the SureCloud Platform, allowing stakeholders to collaborate and manage services from kick-off through to post-test support.
SureCloud is headquartered in Reading, Berkshire, with more than 350 customers throughout the UK from the Legal, Gaming, Retail, Travel, Financial Services and Government sectors.