Dark Reading
Products and Releases

New Osterman Research Report: Only 13% Happy With Compliance Methods

Burdensome Compliance Management Processes are Eating Into IT Budget

A new Osterman study, sponsored by Security Awareness Training company KnowBe4, shows a low satisfaction level with current methods of managing compliance, despite the fact that 63% consider regulatory compliance to be “very important”. Only 13% are very satisfied with the current methods they use. Osterman's research also found typically 19% of compliance and audit time each year is spent on tracking requirements and another 31% on gathering and maintaining audit evidence.

According to the report, compliance management is subject to a high volume of change in regulations, with the US government leading the way as demonstrated by the growth of the US Federal Register. This document, a daily publication that contains proposed and final regulations of US federal agencies, published an average of 3,827 final rules and 2,445 proposed rules each year between 2002 and 2012. That represents an average of 14.7 final rules and 9.4 proposed rules each workday. Managing this level of change using manual processes can be very difficult, if not impossible.

“Much of the discontent stems from the focus on manual processes,” said Stu Sjouwerman, CEO of KnowBe4. “This is quite cumbersome and expensive. Improving the tracking and gathering of audit evidence alone can help an organization save considerably in both time and budget.”

To understand the high cost of conventional compliance management processes, Osterman Research surveyed organizations in a variety of industries. Using a subset of its survey sample to eliminate outliers, it found that the combination of labor and expenditures on tools and services totals $523.93 per employee per year, which translates to $43.66 per employee per month. For a company with 500 employees, that is $261,000 per year.

One of the fundamental problems of compliance management is that much of it relies on manual processes: maintaining spreadsheets, Word documents or home-grown software that helps an organization stay current with its compliance obligations but requires significant effort to maintain. Add to this the significant amount of time required simply to search for the right information to populate these documents and tools. One source has estimated that up to 80% of the time spent by compliance risk professionals goes to searching for relevant data.

Moreover, there can be significant duplicate effort on the part of compliance management staff, particularly in large and distributed organizations, because several people may be working on the same compliance issues unbeknownst to others in the organization. Combined with the manual nature of the compliance process in most organizations, this duplicate effort results in compliance management that is relatively inefficient and may even be contradictory in some cases, as different groups develop their own interpretations of how best to satisfy compliance requirements.

KnowBe4 has developed KnowBe4 Compliance Manager (KCM), a cloud-based solution that consolidates audit management and regulatory compliance tasks into simple, automated workflows that prevent overlap and eliminate gaps. KCM includes fast setup, consolidation of multiple regulatory requirements, a centralized interface, alerts, task assignment and secure access to audit data. Organizations can create custom compliance templates that allow staff members to track compliance with any standard or regulation, including PCI-DSS, HIPAA, GLBA, SOX, FISMA and state-specific requirements, among many others.

For more information visit www.KnowBe4.com

To learn more about KCM visit: https://s3.amazonaws.com/knowbe4.cdn/KCMDatasheet.pdf

To download the new whitepaper, go to: http://info.knowbe4.com/whitepaper-osterman-140414-0

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 serves hundreds of customers in a variety of industries, including highly regulated fields such as healthcare, finance and insurance, and is experiencing explosive growth, with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, the latest being Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

Tags: GRC, Compliance Management, Compliance Automation Software, Security Awareness Training, PCI, HIPAA, GLBA
