More than half of UK businesses say compliance is manual and fragmented while just over one in 10 maintain continual readiness.
While the majority of UK businesses admit to their compliance capabilities being below par, an alarming 47 per cent remain naive to key risk indicators.
These findings come from a new report released by Quod Orbis, which analyses the compliance capabilities of UK businesses.
Drawing upon research spanning senior IT decision-makers at UK businesses of more than 1,000 employees from a range of sectors, the cybersecurity firm is now warning businesses that ignorance of their current compliance capability could lead to costly mistakes.
Where do the UK’s compliance capabilities currently stand?
Ultimately, this is the question that the firm’s latest report seeks to answer, and the reply has unveiled a serious cause for concern.
According to the report’s main findings, 42 per cent of businesses claim to have a ‘dedicated in-house compliance capability’ with direct access to all the necessary data and systems; a promising start.
The report identifies a further 26 per cent of businesses using in-house teams to consult with other departments for this data.
Yet the first blow comes with the realisation that only 14 per cent maintain continual compliance readiness. This describes a business’s ability to react and adhere to compliance requirements accordingly.
However, not all businesses are ready for this, particularly those with fragmented processes that require manual effort, which is the case for 52 per cent of those surveyed.
The same proportion was found not to be keeping track of the cost of the compliance team acquiring data from other departments, while 70 per cent don’t monitor the time spent by other departments preparing data for compliance or track the time spent checking the veracity of internal data.
It’s, therefore, no surprise that 42 per cent remain concerned about the time it takes to process/format data to make it usable.
When it comes to the scope of these activities throughout the business, 15 per cent of businesses reported that they need to access more than 90 per cent of their technology for compliance purposes.
A further 37 per cent said they needed to access between 70 and 90 per cent of the estate, and a quarter require between 50 and 70 per cent. Only 16 per cent felt they needed to access less than half the estate to achieve compliance.
The current spurs and snags for compliance capabilities
According to the report, 47 per cent of respondents report a general level of ignorance of key risk indicators throughout the business. It’s surprising then that the report cites risk reduction as the primary cause for compliance activity.
However, validation of security controls was the second biggest driver, with three in five identifying it as the main motivation, reflecting the increased link between compliance and security.
When asked about the barriers to improving compliance capability, 28 per cent cited the fear of embracing new processes.
This was the top obstacle overall, related to the additional 23 per cent that identified attachment to the time and effort invested in developing the existing processes.
A lack of senior management sponsorship of new initiatives was cited by a further 27 per cent. The biggest technological issue reported was the inability of solutions to access all necessary data and systems, identified as a barrier by a quarter of respondents.
For the company’s CEO, Martin Greenfield, “there is a worrying air to these figures.”
“Firstly, despite decent numbers of businesses investing in dedicated compliance teams, they do not seem to be able to deliver continual readiness,” he explains.
“Secondly, they don’t have the visibility and insight into the full technology estate to deliver high levels of confidence to the board, even though compliance teams are clearly being tasked with risk reduction and ensuring cyber security controls are up to scratch.”
“The traditional fear of new processes is clearly playing a part, but we can address the misunderstandings around the possibilities of modern technology to deliver better compliance.
“Systems do exist that provide more accurate insight, connected to all data sources and frameworks, delivering comprehensive insight into the compliance posture of an entire business,” concludes Greenfield.