Report Says Organizations Are Not Ready for Global Security Risks and Regulations

June 27, 2017

An Experian Data Breach Resolution and Ponemon Institute industry study says that while companies generally are aware of and intimidated by global privacy and data security regulations, they fail to properly understand and address necessary organizational changes to comply.

The study, Data Protection Risks & Regulations in the Global Economy, asked more than 550 IT security and compliance professionals, involved with their companies' global privacy and data security regulations, to weigh in on the top global security risks, as well as how prepared they feel their companies are to respond to a global data breach.

The study found that more than half (51 percent) of companies surveyed had experienced a global data breach, with nearly 56 percent experiencing more than one breach in the past five years. Yet, despite these major security intrusions, 32 percent of respondents noted that their respective companies still don't have a response plan in place.

Unfortunately, only 30 percent of respondents said their respective C-suite executives are fully aware of the state of their companies' compliance with global regulations. Moreover, only 38 percent of respondents agreed senior leadership views compliance with global privacy and data protection regulations as a top priority.

"Despite increasing reports of the damage caused by global data breaches, the study emphasizes that the increasing risk of, as well as the experience of going through, a global data breach isn't enough to lead CIOs and CSOs to prioritize compliance measures in line with what is expected in the GDPR," said Michael Bruemmer, vice president, Experian Data Breach Resolution. "More emphasis is required from companies, especially those with a multinational footprint, to get ahead of impending global regulations and risks. They can start by conducting risk assessments and investing in new technologies, such as encryption, as well as considering appointing a data protection officer to oversee compliance."

Additional findings from the study:

The GDPR notification requirements will be difficult to implement

Only 9 percent of respondents reported their organization is ready to comply with the European Union's GDPR.
Despite acknowledging the challenges and negative effects of noncompliance with the GDPR, many respondents (59 percent) said their companies don't understand how to comply.
Surprisingly, 34 percent said they're preparing for compliance by closing overseas operations in countries with a high noncompliance rate. This indicates they may not fully understand the GDPR, as it doesn't require companies to have physical operations in the European Union to be impacted.

Companies aren't adequately prepared to respond to a global data breach

Almost half (49 percent) of respondents stated their existing security solutions are outdated and inadequate to comply with global regulations. In addition, only 40 percent of respondents said their organization has the right security technologies to adequately protect information assets and IT infrastructure in all overseas locations.
Only 35 percent said their organizations could manage cultural differences or expectations around privacy and data security across all regions of the world.
Thirty-nine percent believe their organization has the right policies and procedures in place to protect information assets and critical infrastructure in all overseas locations.

Companies fail to prioritize global regulations and remain skeptical about benefits

Only 38 percent of respondents agreed that senior leadership views compliance with global privacy and data protection regulations as a top priority.
Eighty-nine percent of respondents believe the GDPR will have a significant impact on their data protection practices, yet only 41 percent believe global regulations will strengthen their organization's privacy and data protection practices.
Seventy percent don't believe or are unsure the more stringent notification requirements in the GDPR will benefit the victims of a data breach.

http://www.experian.com/data-breach/2017-data-protection-risks-regulations.html.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Report Says Organizations Are Not Ready for Global Security Risks and Regulations

Related Articles

Related Products

Report Abusive Comment