3 IT compliance challenges for firms in 2018

IT compliance is a key issue for businesses as they prepare for the introduction of the GDPR in May. But businesses have faced increasing scrutiny over their data and technology protocols for some time, notwithstanding the looming regulation.

 

For example, the Information Commissioner’s Office handed down £3.2 million worth of fines for data breaches in 2016 – nearly double the previous year’s total.

 

However, IT compliance goes far beyond just data concerns, with British businesses needing to follow Financial Conduct Authority mandates, as well as international standards such as ISO 27001 and the IASME Gold Standard.

 

It’s therefore unsurprising that 43 per cent of respondents to a recent Pulsant survey said IT compliance is a major challenge to their business. Worryingly, 28 per cent said they weren’t completely sure which regulations they needed to comply with.

 

So what are the key hurdles facing IT compliance managers in the UK this year? We examined the Pulsant report to highlight the main difficulties.

1. Time and resource

Compliance takes time. Organisations must first achieve compliance and then ensure processes remain aligned to the necessary framework after the initial push.

 

Most businesses take this obligation seriously, with 55 per cent employing between one and five full-time equivalent staff to handle compliance matters. Nevertheless, 47 per cent said time and resource restrictions prevent them from optimising compliance.

 

The average spend on these activities is 17 per cent of the entire IT budget, and this figure is notably higher for industries such as financial services, where regulations tend to be stricter.

 

A 2017 Accenture survey found that 89 per cent of finance executives believed compliance costs would increase over the following two years, with technology inertia being a significant driver of expenditure.

2. Compliance management 

Effective compliance touches all areas of the business, including its technology, staff and processes. But the breadth and depth of its reach can create management complexities.

 

Who is ultimately responsible for compliance? Most businesses (55 per cent in the Pulsant report) say the buck stops with the IT department. Dedicated compliance officers are accountable at 26 per cent of firms and risk managers are the go-to people at one-fifth of organisations.

 

Too many cooks can spoil the broth, and some businesses may struggle to identify clear pathways of responsibility. This is made even more difficult when 33 per cent of IT decision-makers don’t believe they should handle compliance; they want the C-suite to be culpable. Unfortunately, a lack of senior executive buy-in remains a problem at 22 per cent of businesses.

3. Finding the right skills 

Just eight per cent of respondents said they didn’t have the right IT compliance skills available to their firm, but over one-third still cited skills shortages as a key challenge.

 

One of the reasons for this gap could be that organisations are using a combination of in-house and third-party resources to fulfil tasks. Nearly four in ten businesses deliver compliance through a mix of internal and external staff.

 

Our own research found similar results, with 53 per cent of compliance professionals believing their business is adequately resourced for the demands placed upon it. The same percentage of firms said they use contractors on a regular basis, emphasising the reliance on interim support.

Building an effective IT compliance team

The results of the research highlight the importance of attracting and retaining the best compliance talent to meet growing IT regulation burdens.

 

Many of the challenges businesses are facing are people problems. Firms need more highly skilled employees for the development and management of IT compliance frameworks, as well as bigger budgets to hire them.

 

At Barclay Simpson, we add real value to compliance and Information Security recruitment. Whether you’re an organisation looking for the ideal candidate, or a compliance or security professional seeking the next step in your career, contact me on 0207 936 8953 or via email at ls@barclaysimpson.com.

 

Our 2018 Market Reports combine our review of the prevailing conditions in the compliance recruitment market with the results of our latest employer survey.

 
