decision-makers surveyed said that their
organisation felt very positively about
GDPR, less than two thirds (62%) said their
business had made GDPR a top priority over
the past year. Tony Pepper, CEO, Egress,
commented: “Since the rush to meet last
May’s deadline, we now appear to be seeing
an ‘almost compliant is close enough’
attitude towards GDPR, with a significant
percentage of decision-makers indicating
that focus has waned in the past 12 months.
The wait of more than a year between
implementation and the first action taken
by the ICO under GDPR seemed to lead to a
perception outside the security industry that
the regulation was ‘all bark and no bite’.”
“This is important for businesses in the small
and mid-market segments, where our survey
found lower compliance levels being reported.
Although the ICO’s action to date has focused
on two well-known enterprise organisations,
GDPR demands compliance from businesses
of all sizes and they need to take all necessary
steps towards protecting data.”

Overcoming human error to tackle data breaches

When asked about their single greatest
area of compliance investments, decision-makers
chose:
• Implementing new processes around the
handling of sensitive data (28%)
• Better auditing around what data we
collect and for what reasons (18%)
• Employment of a Data Protection
Officer or other additional compliance
staff (18%)
• New technology (17%)
• Implementing new procedures around
incident reporting (8%)
• End-user education and training (7%)
Yet despite these investments, over one-third
of respondents (37%) have reported
at least one incident to the ICO in the last
12 months. According to analysis of ICO
data, 60% of security-related personal data
breach incidents in the first six months of
2019 were caused by human error.
Pepper added: “The majority of respondents
(96%) acknowledged their organisation
has made investments in GDPR compliance
in the last 12 months, with implementing
new processes the most common top
priority. Yet despite this, we continue to see
data breach incidents being reported and
we know from the ICO that the primary
cause is human error – so clearly strategies
need to shift if we are going to turn the tide
against data breaches.
“Reliance on people to follow processes
and protect data is only going to get
organisations so far: people are always going
to make mistakes or behave unexpectedly
and more must be done to provide a safety
net that protects sensitive information.
“It’s positive to see that almost one-fifth
(17%) of respondents are looking to
technology as a way to mitigate breaches,
but they must ensure these solutions tackle
human error as the root cause of many of
these incidents. They must look to the latest
advances in security and DLP technology
that can map a user’s behaviour to prevent
the array of mistakes that put data at risk
– from falling for phishing attacks that can
lead to malware or stolen credentials, to
misdirecting emails or attaching the wrong
documents. GDPR is here to stay and we’re
only going to see more companies penalised
for data breaches unless we’re able to
overcome these issues.”
Although the authority’s announcement
that it intends to fine British Airways
and Marriott such staggering sums sent
shockwaves through the security community,
it is concerning that only 6% of organisations
have taken action to avoid the full potential
of the legislation. These announcements
should definitely have acted as a clearer
warning that organisations cannot risk
compliance complacency.
INTELLIGENTCIO
www.intelligentcio.com