Nine in ten companies think new EU data protection rules will leave them exposed
Nearly nine in ten businesses say their current information security policies will leave them exposed under the new EU General Data Protection Regulation (GDPR).
In a survey by Egress Software Technologies, 87 per cent of CIOs admitted they are worried that their current procedures and systems for protecting data when it is shared with third parties will put their firms at risk under the new rules.
The legislation, which will come into force in 2018, introduces a mandatory 72-hour data breach notification process and fines of up to four per cent of global turnover for organisations found to have put sensitive customer data at risk.
Nearly three quarters are committing to tightening up data sharing processes in response, the report said, but IT leaders are still concerned about the human factor’s effect on cyber security.
77 per cent of the CIOs questioned said they are frustrated that despite technologies like encryption being available, employees simply do not use them.
87 per cent acknowledged that this makes their companies more vulnerable.
But despite research showing 93 per cent of incidents involve human error, only 20 per cent of leaders are focusing on preventing accidental breaches in future.
And 83 per cent said they would prioritise technologies based on how easy they appear to be to deploy, rather than their ability to secure their businesses’ data.
Egress CEO Tony Pepper said: “This research is definitely a wake-up call for businesses’ priorities… The focus is now very much on delivering information security, but not at the expense of staff efficiency. Now it’s time for organisations to respond by investing in the right areas and, in doing so, tackle the heart of the problem.
“By procuring easily deployable technology that is simple for staff to use, not only will they gain end-user buy-in but will also protect the sensitive customer data they share.
“At the end of the day, this will not only help customer confidence but, by defending organisations from data breaches, will protect them from the reputational damage and large financial penalties that invariably follow a breach.”