Date: 2024-12-02

In particular, 29% of businesses have been cited by a regulatory body for failure to comply with security regulations in the last 24 months. Regulatory fines are considered more damaging than customer lawsuits, negative publicity and reduced sales. 28% of organizations said regulatory fines are the most damaging consequence of being cited for a regulatory violation, followed by customer lawsuits (22%), negative publicity (20%) and reduced sales (8%).

Despite the EU GDPR's requirement to notify regulatory authorities of a data breach within 72 hours, 13% of the surveyed IT professionals admitted it takes between one month and one year to do so. Also, 16% of businesses take between one and six months to detect a security threat and 5% only detect a threat when notified by external parties.

Although C-suite interest in data governance is increasing, visibility proves challenging. While it's good news that 76% of C-suite and board-level executives review and assess regulatory compliance with state, federal and international data protection laws, 12% do so infrequently (between one and three years).

ISO and NIST data protection guidelines are rising in importance. 88% of the surveyed IT professionals consider ISO and NIST guidelines to be either very important or important. Yet, 28% of organizations have been hit by a data breach in the last 12 months.

The Data Protection: Prioritizing Regulations & Guidelines research study was fielded in October 2016 to 460 IT professionals in the United States, Canada, Mexico, United Kingdom, France, Germany, India, Japan and China.