On May 25, the European Union’s General Data Protection Regulation (GDPR) went into effect. This long-awaited deadline ushered in a new age where confidence of data protection measures is more critical than ever. Organisations could incur reputational damage and a hefty fine, for example, if their lack of confidence coincides with GDPR non-compliance.
With GDPR on most organisations’ minds, now is the perfect time to look at just how confident organizations are in protecting the data they collect. Gemalto agrees, which is why we’ve released our 2018 Data Security Confidence Index (DSCI). This study, which represents the responses of more than 1,000 IT decision makers worldwide, explores whether organisations are prepared to secure the increasingly large amounts of data they collect on a daily basis.
So, one of the first questions we asked companies was if they have the resources to really understand the data they collect. The answer was a little surprising, and alarming from a security standpoint. Two-thirds (65%) of organisations said they do not possess the necessary resources to analyse all the consumer data they collect.
Think about that for a minute and the implications it has. If companies can’t analyse all of the data they collect, they likely don’t know all of the types of data they are collecting. And if they don’t know the types of data they are collecting, how can they classify it and apply the appropriate security controls for the data?
We also asked how ready companies were for regulations like GDPR and Australia’s Notifiable Data Breaches Scheme, and most organisations have a long way to go with their data regulation compliance. More than two-thirds (68%) of respondents admitted to Gemalto that they’re still not fully securing customers’ data in compliance with GDPR. This show that most organisations’ level of preparedness is at odds with their beliefs, as a majority (90%) of organisations think it’s important for companies to comply with data protection standards. If something is important, the usual outcome is that most companies (or people) get it done. Not in the case of GDPR.
Issues with compliance constitute just one of six areas of interest Gemalto examined for its report. Here are some of the other interesting findings from the report:
- Nearly half of companies don’t know where all of their sensitive data is stored.
- More than two-thirds of IT professionals believe unauthorised users can access their corporate networks
- Less than half of companies (43%) are extremely confident that their data would be secure following a breach of perimeter security
- One third (27%) of companies reported that their perimeter security had been breached in the past 12 months.
- Of the companies that had suffered a breach at some point, only 10% of that compromised data was protected by encryption, leaving the rest exposed.
For more information concerning these and other data protection findings, download your copy of Gemalto’s 2018 Data Security Confidence Index. Also, visit our Secure the Breach website and learn about the three key steps in protecting your company’s data in the event of a data breach.