Global Organisations Fall Short on Cyber Security Investment Ahead of GDPR (Study)
With the EU General Data Protection Regulation (GDPR) due to take effect shortly, a recent industry study revealed that organisations worldwide are insufficiently prepared to deal with the change.
A worryingly large number of organisations fall short of increasing their investment in data security and the latest cyber technologies to address GDPR, according to research by security company Micro Trend.
Of more than 1,000 IT decision-makers, CTOs and CIOs from major global businesses (500+ employees) interviewed for the research, only half could confirm that their organisations had increased investment in IT security ahead of the GDPR to help with compliance.
The lack of further investment in cybersecurity was acknowledged in spite of complaints from tech staff, and is often the result of a misalignment between executive management and tech departments with regard to security issues.
According to a quarter of respondents, the biggest challenges to GDPR compliance remain the lack of sufficient IT security protection (25%) and an absence of efficient data security (24%), as well as limited resources to channel towards this specific development (25%).
Adding to the problem, less than two-thirds of the global organisations included in the study (63%) had a breach notification process in place for their customers in case of data theft and misconduct due to cyber attacks.
Consequently, less than a third of these organisations (33%) said they have invested in encryption or advanced technologies designed to detect network intruders, or have invested in data loss prevention.
The study also uncovered evidence that many companies are not prepared to handle new requirements to notify of a data breach within 72 hours. Only a fifth (21%) of respondents said they have a formal process in place to notify the data protection authority.
More alarming still was the lack of relevant education and training processes, with just 37% of organisations currently investing in staff awareness programmes.
The research concluded that organisations must find state-of-the-art technologies to help repel cyber-threats and keep key data and systems secure and find the right tools to tackle compliance, from the endpoint to the network and hybrid cloud environment.
MSX Cyber, part of the XGRC product range, helps organisations drive performance and compliance with its integrated information security management system built on the ISO 9001 Quality and ISO 27001 Information Security framework.
ISO 27001 compliance within ISMS ensures the implementation of proper security controls in line with the latest business, legal, contractual and regulatory requirements. It also adheres to cybersecurity laws such as the General Data Protection Regulation (GDPR) or the NIS Directive.