90 percent of companies fail compliance

An overwhelming percentage of businesses still fall far short in their efforts to comply with industry data-handling regulations and reduce their likelihood of experiencing a serious leakage incident, according to a new survey.

In a report to be published by the IT Policy Compliance Group on July 18, the consortium of IT compliance and security experts concludes that some 90 percent of all businesses still do not have sufficient policies in place to meet data governance regulations and adequately limit the risk of a breach.

In the survey of 475 companies, a third of whom reported revenues of more than $1 billion last year, the industry group found that an overwhelming majority of the firms expect to deal with at least six business disruptions related to major data incidents per year along with five or more instances of information loss or theft.

While businesses continue to invest policy enforcement software, and other technologies aimed at helping them meet data-handling regulations, said James Hurley, managing director of IT Policy Compliance Group, most are still struggling to fill all the gaps left in their systems that leave them open to potential incidents.

Hurley is also a senior research manager at security software maker Symantec, a member of the compliance policy think tank, along with such organizations as the Computer Security Institute, Institute of Internal Auditors, ISACA, and IT Governance Institute.