9 out of 10 CIOs admit new EU data law will leave them exposed
CIOs lack confidence in the security of their current data sharing processes, while board-level priorities don’t match up to reality
Short of time?
A new study of CIOs has exposed an alarming lack of confident in systems designed to protect sensitive data when shared with third parties.
Of the CIOs surveyed by Egress Software Technologies, 87% admitted to being worried that their current information security policies and procedures are not only putting their company at risk, but will also leave them exposed under the new EU General Data Protection Regulation (GDPR).
In addition, over three-quarters of CIOs (77%) said they are getting frustrated that despite technology – such as encryption – being available to enable secure ways of working, employees just aren’t using them. Significantly, 87% of these acknowledged this made their company more vulnerable.
Nearly three-quarters of respondents said they are committing to tightening up data sharing processes in response to the new data law, but only 20% are focusing on accidental breach – despite research showing it is responsible for 93% of incidents.
Out of step with reality
Throughout 2015, high-profile organisations were repeatedly the focus of media attention following cyber-attacks on their customer data.
Consequently, there are few surprises in board-level information security priorities on external vs internal threats to data protection, with 49% focused on external hackers and only 20% on accidental breach.
Board-level discussions on information security are also being brought into sharp focus now that the EU GDPR is looming overhead. The new legislation, due to come into force in 2018, will bring with it a mandatory notification processes of 72 hours for data breach incidents and fines of up to 4% global turnover for organisations that have put sensitive customer data at risk.
Unsurprisingly, this legislation is impacting on CIOs’ priorities, with 87% of respondents concerned their organisation might be exposed under the new regulation.
When examining some of the reasons behind the prioritisation of data security solutions, the research shows that 83.5% of respondents would prioritise technologies based on perceived ease of deployment, rather than their ability to secure data.
In particular, the research highlighted issues such as potential pressures on IT helpdesks (44%), disruption to work processes (31.5%) and complex integrations (23%) mean there is little appetite to tackle the issue head on and businesses remain at risk.
“This research is definitely a wakeup call for businesses’ priorities,” said Egress CEO Tony Pepper. “At a board level, these results demonstrate a concerning disconnect with reality. ICO statistics demonstrate that 93% of data security breaches occurs as a result of human error – that is, people making mistakes when sharing sensitive information, poor processes and systems in place, and overall lack of care when handling data.
“Consequently, the emphasis being placed on cyber attacks has the potential to become a distraction for many organisations. To date, much of the private sector has not been mandated to disclose breach incidents, but that is changing. And the results show that now they could be heading for trouble.”