Security and regulatory compliance should be a primary concern for any organization that collects, stores and analyzes data of any kind, which let’s face it, is virtually every company in the world. Data has become the most valuable asset for many companies. For some, it surpasses the value of their brand and products as the richest commodity in their portfolio. From obvious caches like payment, medical or other personal data to behavioral and other marketing details, most companies would agree that every piece of data deserves to be safeguarded to protect not only the customers’ privacy, but also your organization’s reputation.

Given that security and compliance are such critical priorities, we set out to investigate whether the reality lived up to the importance. Do U.S. companies actually make regulatory responsibility a top priority?

What we found was quite surprising. According to the results of our 2016 State of Compliance Survey, it turns out that many companies may actually be failing in their obligations to protect their customers, unnecessarily putting data—and their brands—at risk by underestimating the critical importance of security and compliance. In fact, it seems some of the companies we surveyed don’t realize the full weight of their regulatory responsibility, even in the face of increasingly sophisticated threats and their financial impact.

Here are just a few of the discoveries we made in our survey of nearly 500 U.S. C-level executives and senior-level managers. How does your company stack up by comparison?

• Nearly half (47%) of respondents are unsure which compliance regulations apply to their organization. This lack of certainty is surprising. At the very least, one would expect top-level management to have a stronger sense of the mandates they must adhere to, even if the technical details aren’t clear. This concern grows even more troubling, considering….
• 1 in 3 respondents say the CEO is principally responsible for regulatory compliance and another 1 in 4 were unsure whom within their organization is actually responsible. This begs the question: exactly who is steering the security ship?
• Perhaps more surprisingly, only 22% of respondents believe their organization has any privacy regulations to follow at all. Given the volume and variety of data every company now collects and stores, all companies have a major responsibility for data privacy. This response likely reveals that there’s a relatively widespread lack of education about the types of privacy requirements in place, which could translate into a widespread lack of compliance.
• But, the risks of noncompliance are great: nearly 60 percent of those surveyed say their customers do have formal compliance requirements. This leaves an unanswered question: if the majority don’t believe their organizations are subject to data and/or privacy regulations, yet 60 percent say their customers require compliance, does this mean the majority of American companies are failing to meet their obligations?
• Despite a growing reliance on the cloud for data storage and analysis, only half of respondents feel their data is actually secure in the cloud. So, are they putting data at risk? Or are they just afraid of what they don’t understand?

The results of our survey demonstrate that U.S. companies may still have a long way to go when it comes to ensuring data privacy, security and regulatory compliance, and is further evidence of the need for a comprehensive solution that ensures continuous compliance of all data, in every form, in all states and locations.

The bottom line is perhaps the best news of all: regardless of how your company stacks up, achieving a rigorous and comprehensive data security and compliance posture is entirely within your reach.