Most Organizations Ill-Prepared for Global Security Risks and Regulations
Only 9% of companies are ready for the European Union’s General Data Protection Regulation (GDPR), and more than half (59%) do not even know how to start, according to research from Experian and Ponemon Institute.
Many companies may lack a plan because C-suite executives are unaware of global regulations. The Data Protection Risks & Regulations in the Global Economy study surveyed more than 550 IT security and compliance professionals. Just 30% of the respondents said their executives were fully aware of their company’s compliance with global regulations, and only 38% of senior leadership saw compliance with these regulations as a top priority.
The study also found many companies are not well-prepared for global security intrusions. More than half (51%) have experienced a global data breach, and 56% have experienced more than one in the past five years. Despite these breaches, 32% said their companies still do not have a response plan in place. Even more troubling, nearly half of the respondents (49%) said that their current security solutions are outdated.
“Despite increasing reports of the damage caused by global data breaches, the study emphasizes that the increasing risk of, as well as the experience of going through, a global data breach isn’t enough to lead CIOs and CSOs to prioritize compliance measures in line with what is expected in the GDPR,” said Michael Bruemmer, vice president of Experian Data Breach Resolution. “More emphasis is required from companies, especially those with a multinational footprint, to get ahead of impending global regulations and risks. They can start by conducting risk assessments and investing in new technologies, such as encryption, as well as considering appointing a data protection officer to oversee compliance.”