With the EU’s General Data Protection Regulation (GDPR) set to take effect in May 2018, a new survey shows C-suite executives are not approaching the regulation seriously enough, resulting in overconfidence when it comes to compliance.
The Trend Micro survey includes responses from 1,132 online interviews with IT decision makers from businesses with more than 500 employees in the United States, the United Kingdom, France, Italy, Spain, the Netherlands, Germany, Poland, Sweden, Austria and Switzerland.
According to Trend Micro’s survey, nearly all (95 percent) business leaders know they need to comply with the regulation; 85 percent have reviewed its requirements. In addition, four in five (79 percent) businesses are confident that their data is as secure as possible.
However, there is some confusion as to exactly what personally identifiable information (PII) needs to be protected. Of those surveyed, nearly two-thirds (64 percent) were unaware that a customer’s date of birth constitutes PII. Also, two in five (42 percent) wouldn’t classify email marketing databases as PII, 32 percent don’t consider physical addresses to be PII, and 21 percent don’t see a customer’s email address as PII.
These results indicate that businesses are not as prepared or secure as they believe themselves to be, Trend Micro says. Regardless, this data “provides hackers with all they need to commit identity theft, and any business not properly protecting this information is at risk of a penalty fine,” it said.
According to the survey, two in three (66 percent) respondents appear to be dismissive of the amount they could be fined without the required security protections in place. Only one in three (33 percent) recognize that up to 4 percent of their annual turnover could be sacrificed. In addition, two-thirds (66 percent) of businesses believe reputation and brand-equity damage are the biggest pitfalls in the event of a breach, with almost half (46 percent) of respondents claiming this would have the largest effect among existing customers.
“Investing in state-of-the-art equipment and employing data-protection policies should be seen as a wise business practice, not an operational burden,” said Rik Ferguson, Trend Micro’s vice president of security research. “As a strategic security partner, we see it as our shared responsibility to help customers meet GDPR data security compliance.”
Trend Micro also learned that …