Why security and compliance are good for business

Increasingly regular reports of security breaches are a timely reminder of the importance of data protection. When it comes to organisational growth, a strong security posture is necessary to attract, and then keep, customers. 

While large organisations such as Optus and Medibank have been in the news for customer data breaches, in 2020-2021, the Australian Cyber Security Centre (ACSC) received a total of 67,500 cybercrime reports—an increase of 13% on the previous year. That equates to one report every eight minutes, and the incidents are not confined to large organisations. 

Data breaches harm a company’s brand and erode customer trust. They also attract penalties. In the wake of the Optus and Medibank cases, new legislation was introduced that could see companies that fail to adequately protect people’s data face fines of $50 million, up from $2.2 million.

Since companies are now required to inform customers of any data breach, reputational damage is also a massive burden to growth.

According to the latest ACSC report, no sector of the Australian economy escaped the impact of cybercrime and other malicious cyber activity. Targets included government agencies, large organisations, small to medium enterprises and individuals.

This shows that any business is at risk of cyber criminals accessing their data without systems in place.

So, how can a business prevent the worst-case scenario from occurring and show its customers and employees that data is secured?

Vanta is the easy way to get and stay compliant. Book a demo to learn why thousands of fast-growing companies depend on Vanta to automate their security monitoring and get ready for security audits in weeks, not months.

Understanding compliance

A good place to start is being able to prove strong security with compliance. Without a secure platform to store and manage data, startups will struggle to attract major customers and drive growth. But proving compliance through a SOC 2 attestation report or ISO 27001 certification can be time consuming and expensive.

But compliance is a new world for many. Some businesses aren’t aware of the need to show compliance, says Rob Picard, head of security at Vanta—the first-to-market automated compliance platform

“Many businesses first learn about the world of security and compliance when a customer or sales prospect requests a specific certification, attestation, or another type of compliance report. As they learn more, they realise just how much time it will take to accomplish that goal and close the deal.

“Vanta demystifies the process by providing tools for automated evidence collection, continuous monitoring, and auditor partnerships,” Picard says.

Automatically easier

If the recent reports of data breaches prompt businesses to take a look at their security systems, it might be the right time to assess how fit-for-purpose they are in a continually evolving space.

Managing compliance through spreadsheets and documents might have been the only option at one time, but technology is continually showing us more efficient ways of working.

For example, regulatory compliance rules can evolve rapidly as new threats arise, and they require a quick response. Updating spreadsheets manually to accommodate a single regulatory change can take hours, versus newer automated options on the market.

Picard says Vanta easily integrates with cloud-based systems such as cloud infrastructure providers, identity providers, and HR systems. 

Vanta automatically monitors their configuration and activity for compliance best practices with a variety of frameworks and standards. “It takes the time-consuming, manual steps out of a fast moving environment”, says Picard.

“You can spend lots of time collecting screenshots of dozens of systems to prove that they are configured correctly, or that appropriate processes are being followed. Vanta integrates directly with those systems to pull the evidence automatically,” Picard adds.

Depending on the business’s starting position, the process for some standards could range from weeks to months. 

“The time it takes depends on the specific goals. A SOC 2 Type I audit can sometimes be accomplished in less than a month under ideal conditions. A SOC 2 Type II audit might take 4-8 months to complete, as it requires an observation window.

“For startups looking to accelerate growth and unlock new markets, Vanta is the fastest way to get compliant, demonstrate, improve and scale security programs, and mitigate risks to user data and privacy. It cuts out 70% of the time it takes to do it otherwise,” says Picard.