A Study: Cost of Non-Compliance | ComplianceBridge

Written by ComplianceBridge Policies & Procedures Team on November 17, 2011

In January of 2011, the Ponemon Institute LLC conducted a study of 46 multinational companies to determine the costs of both Compliance and Non-Compliance. This was “the first study to use empirical data to estimate the full costs of the organization's compliance efforts, including the cost of non-compliance with laws, regulations, and policies.” Here are some highlights from the study:

Costs of Compliance vs Non Compliance

  • The average cost of Compliance for the 46 companies was 3.5 million, or about $220.00 per employee per year.
  • The average cost of Non-Compliance for the 46 companies was 9.3 million, or about $820.00 per employee per year.
  • On average, the cost of Non-Compliance is about 2.65 times the cost of Compliance for the 46 companies.
  • In all but 2 cases, Non-Compliance costs outweighed Compliance costs.


Security Strategy and Non-Compliance Costs

  1. The study used a well-known indexing method called the Security Effectiveness Score (SES). It found that:
    • The SES had no relation to Compliance costs.
    • The SES is inversely related to Non-Compliance costs.
  2. Outcome: When an organization spends more money on SES costs, Non-Compliance costs go down.

Breakdown of Non-Compliance Costs

  1. 43% of Non-Compliance Costs are Indirect Costs. Indirect costs include data center downtime, diminished employee productivity, or administrative overhead.
  2. 30% of Non-Compliance Costs are Opportunity Costs. Reduced potential, lost business opportunities that result from compliance infractions, or a company's reduced reputation are all opportunity costs.
  3. 27% of Non-Compliance Costs are Direct Costs. Direct costs from non-compliance include loss in customers or revenue loss.
