GDPR raising cybersecurity awareness among EU business leaders


As if the daily beating of data breach news wasn’t enough reason to bring the stark reality of cyber risks to the attention of corporate leaders, here comes the European Union’s General Data Protection Regulation (GDPR). Taking effect in May 2018, GDPR is managing to elevate cyber risks to the top of the corporate agenda for organizations that store data on citizens of the European Union.

According to a survey of more than 1,300 senior executives, conducted by insurance and risk management firm Marsh, 65 percent of respondents from organizations that operate in the EU say that they consider “cyber” to be a top risk. That’s a doubling from a similar survey conducted last year that found 32 percent citing “cyber” as a top five risk. Further, the survey finds that 23 percent of those organizations that fall under GDPR have endured a successful cyberattack in the past year.

The heightened cybersecurity concerns and looming GDPR deadline have EU organizations upping their security and risk management spending. “Of those respondents whose organizations have plans for GDPR implementation, 78% said they would increase spending on addressing cyber risk over the next 12 months, including spending on cyber insurance. Notably, 52% of those who do not have a plan for GDPR indicated that their investment in cyber risk management would increase,” Marsh writes in this news release.

Surprisingly, with about seven months left, only 8 percent of survey respondents claim that their organizations are currently GDPR compliant, and a startling 57 percent say that their enterprises are still developing compliance plans. Another 11 percent of respondents are in for a very rude awakening, as they report that they have no compliance plans at all. “Smaller organizations were more likely not to have a plan for GDPR, with 19% of respondents from businesses with less than $50m annual revenue replying that no plan was in place,” Marsh wrote.

For those not familiar, GDPR mandates:

  • EU citizens’ personally identifiable information (PII) must be adequately protected, managed, and controlled.
  • Data breaches must be reported within 72 hours.
  • Non-compliant organizations risk significant fines, of up to 4 percent of annual revenue or €20 million.

Only 49 percent of respondents have fully developed a data breach incident response plan. Another 10 percent, however, have no plans to do so. It’s shocking that any organization today doesn’t have an incident response plan for the case where sensitive data is exposed.

It is not pragmatic for an organization to assume it will never have to disclose a breach as required by GDPR – that’s just hope. It’s much more sensible to expect to be breached at some point and to plan in advance how a public disclosure would be made. Because when it comes down to it, the difference between the winners and losers here is how well the breach is mitigated and managed, and how effective the public response is.
