Data Protection Research


Key Takeaways

  • According to the most recent whitepaper published by Ponemon Institute and Globalscape, the average cost of (data protection) compliance for organizations increased by 43% from $3.53 million in 2011 to $5.47 million in 2017. This cost can range anywhere from $5.5 million to almost $22 million.
  • These costs vary across different industry sectors, ranging from $7.7 million for the media industry to over $30.9 million for the financial services industry. In terms of organizational size, companies with fewer than 5,001 employees incur higher (per-capita) compliance costs than companies with over 5,000 employees.
  • According to the whitepaper published by Ponemon Institute and Globalscape, "organizations in heavily regulated industries such as financial services and healthcare have the highest compliance costs. Such costs are also affected by the amount of sensitive and confidential information an organization must secure."

Introduction

We provide three insights into data protection and compliance costs: the annual spend and budget; the revenue generated in the industry and its segmentation; and the factors that determine these costs, including the relationship between these costs and data diversity/scale. Below is an overview of our findings.

#1: Data Protection and Compliance Costs

  • According to the most recent whitepaper published by Ponemon Institute and Globalscape, the average cost of (data protection) compliance for organizations increased by 43% from $3.53 million in 2011 to $5.47 million in 2017. This cost can range anywhere from $5.5 million to almost $22 million.
  • The report further showed that data security, including the direct and indirect costs associated with enabling security technologies, accounted for about $2.011 million of the $5.47 million cost in 2017.
  • Furthermore, these costs vary across different industry sectors, ranging from $7.7 million for the media industry to over $30.9 million for the financial services industry. In terms of organizational size, companies with fewer than 5,001 employees incur higher (per-capita) compliance costs than companies with over 5,000 employees.
  • Companies invest most in compliance-related technologies and incident response, as seen in the chart below. "Between 2011 and 2017, the amount spent on technologies increased by 36%, and the amount spent on incident response increased by 64%."
  • The average budget for privacy doubled from $1.2 million in 2020 to $2.4 million in 2021, as 93% of organizations turned to privacy teams to help navigate the impacts of the pandemic. This increase was fairly consistent across organizations of all sizes.
  • "For smaller organizations, with 250-499 employees, the average budget grew from $0.8 million (2020) to $1.6 million (2021), while for larger organizations, with 10,000+ employees, the average budget grew from $1.9 million (2020) to $3.7 million (2021)."

#2: Revenue of the Data Protection Industry

  • Globally, companies in the data protection industry generated $75.9 billion in 2020, while those in the US will generate an estimated $26.4 billion in 2021.
  • Another report provides a typical segmentation of these revenues across various industries, as seen in the infographic below:

#3: Factors that Impact and Determine Data Protection/Compliance Costs

  • To determine the cost of preventing data breaches, some of the factors to consider include (descriptions are in quotes):
    • Network security assessment: the need to implement or optimize firewalls, anti-malware applications, and other tools for securing network data.
    • Data storage assessment: whether data stored within physical servers, cloud servers, and other data repositories is properly encrypted; and whether data is sufficiently migrated to off-site storage to meet data redundancy needs.
    • Access management assessment: whether accounts need stronger access control to prevent hackers from accessing data and launching various attacks.
    • Endpoint protection assessment: the need to protect network perimeter devices — such as desktops, laptops, and mobile — against unauthorized logins, and to eliminate vulnerabilities hackers could exploit with various attacks.
    • .... among others.
  • According to the whitepaper published by Ponemon Institute and Globalscape, "organizations in heavily regulated industries such as financial services and healthcare have the highest compliance costs. Such costs are also affected by the amount of sensitive and confidential information an organization must secure."
  • To further corroborate the above, "technology and telecoms companies spend the next most because of the sheer amount of data they collect and the complexity of their data processing activities."
  • The constituent costs of (data protection) compliance include data protection and enforcement activities, incident response plans, and investments in specialized technologies to protect data assets, among others.

Research Strategy

For this research on data protection, we leveraged credible, publicly available resources, including whitepapers, industry reports, and market reports from sources such as Ponemon Institute, Cisco, and IT Governance, among others. Note that we have used a source that is more than 24 months old because it is the most recent, authoritative source of information on the subject and is referenced by several other credible third-party sources.
