
C-suite execs cocky about data breach law compliance: survey

Senior executives at companies with more than 500 employees in 11 countries appear to be somewhat casual in their approach to complying with requirements for the EU's General Data Protection Regulation that takes effect on 25 May next year.

Security firm Trend Micro came up with this finding after conducting 1132 online interviews with IT decision-makers in the US, the UK, France, Italy, Spain, the Netherlands, Germany, Poland, Sweden, Austria and Switzerland. 

A similar survey was conducted at Trend Micro's August CLOUDSEC conference, covering 292 Australian C-suite executives who were asked about the Australian data breach laws that take effect on 22 February 2018.

The company said it had seen the following broad trends:

  • senior executives shun GDPR responsibility in 57% of businesses;
  • about 42% of businesses don’t know email marketing databases contain personally identifiable information; and
  • about 22% of businesses claim a fine "wouldn’t bother them" if they were found in violation of the GDPR requirements.

While more than half (56%) of the Australians surveyed agreed they would be affected by the mandatory data breach laws, and either had a process to become compliant in place, or were working on one, 16% did not believe they would be affected by the scheme.

Additionally, 28% admitted they only had an informal process in place, or no process at all for risk management and cloud security within their organisation.

Indi Siriniwasa, managing director – Enterprise and Government, Trend Micro ANZ, said it was concerning that so many Australian organisations were unprepared or believed they would not be affected.

“It has never been more important for organisations to make cyber security a key priority, and protect the interests of their customers against cyber attacks. Not only is this a security and prevention issue, but it can also have a disastrous impact on both brand and reputation,” he said.

The GDPR includes provision for fines for failing to protect personal information of up to €20 million or 4% of turnover, whichever is greater. Australia's laws will levy fines on organisations that have a turnover of more than A$3 million.

In the countries other than Australia, Trend Micro found that those surveyed had strong awareness of the principles behind GDPR, with 95% knowing they needed to comply, and 85% having reviewed the requirements. Also, 79% of businesses were confident their data was as secure as it could be.

But when it came to defining personally identifiable information, things were not so clear-cut. Sixty-four percent were unaware that a customer’s date of birth was PII. 

Additionally, 42% said they would not classify email marketing databases as PII, 32% did not consider physical addresses to fall into this category and 21% did not think a customer’s email address was in this class. 

Trend Micro pointed out that this data was sufficient for identity theft, and any business not properly protecting this information could be penalised.

Another area of concern identified in the survey was that businesses were unsure who would be held accountable for the loss of EU data by a US service provider. Only 14% were aware that both parties were equally responsible, with 51% believing the EU data owner would be fined, while 24% were sure the US service provider was at fault.


Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.