Hyperproof, a compliance operations platform company, has released its 2022 IT Compliance Benchmark Report, a survey containing comprehensive benchmarks on how companies manage IT risks and compliance efforts in a time when requirements are increasing in complexity. The responses, collected in December of 2021, come from 1,014 compliance and IT risk management professionals in the technology industry. Seventy per cent of respondents work for companies headquartered in the United States and the remainder work for companies headquartered in the UK.
The survey revealed that third-party risk management is top of mind for many compliance and risk management professionals. Half of all respondents (51 per cent) are planning to expand their third-party risk management program in 2022. In fact, greater awareness of third-party risk is one of the top reasons organizations have chosen to increase their overall IT risk and compliance management budget in 2022.
Ninety per cent of all survey respondents reported being negatively affected by a third-party incident in the past year. Third-party incidents ranged from supply chain disruptions to data breaches to compliance violations related to an organization’s lack of oversight over its third parties.
Hyperproof also found data breaches continue to plague organizations. In the survey, 63 per cent of respondents reported they experienced a data breach that led to the disclosure of regulated data — such as protected health information or other sensitive data — in the last 24 months. Among respondents who had knowledge of data breaches within their organization, the biggest proportion, 44 per cent of respondents, reported they lost between $1 million and $5 million. The average amount lost was $4.58 million.
Interestingly, not all organizations suffered equally from data breaches, Hyperproof found. Organizations that take an integrated approach to IT risk management and make an effort to align their risk and compliance activities are much better at avoiding data breaches compared to organizations that see their compliance function as the function that enforces rules and regulations (and conduct risk and compliance activities in silos). While 63 per cent of Hyperproof survey respondents overall reported that their organization has experienced a security breach in the past 24 months, only 47 per cent of those who take an integrated approach to risk management and compliance activities experienced a security breach. Meanwhile, 68 per cent of all “compliance-centric” respondents experienced a security breach in the past two years.