SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
GDPR is imminent but 69% of businesses can’t secure customer data
Wed, 7th Mar 2018
FYI, this story is more than a year old

​GDPR is looming over the heads of IT staff throughout Europe (and beyond) and yet data is still not being managed properly.

Claranet has released the findings from a survey that was carried out by Vanson Bourne of 750 IT decision makers in Europe – and surprise surprise, cybersecurity has emerged as a serious issue.

A whopping 69 percent of respondents stated that they were not able to secure customer data effectively, while 45 percent are encountering challenges around securing customer details when trying to improve the digital user experience.

Claranet says this points to a clear lack of a capability when it comes to managing security in a reliable manner.

On this topic, it appears that IT teams are struggling to acquire the skills and expertise needed to address this disparity. 44 percent identified security as one of the biggest challenges facing their organisation's IT department (the most commonly cited challenge by a considerable margin), while 43 percent stated that improving security is one of the priorities for their IT departments over the next 12 months.

Claranet UK managing director Michael Robert says while a large number of organisations have said they will prioritise security over the next 12 months, GDPR is only a few months away – 25 May 2018 to be precise.

“There can be little doubt that data security is the most pressing issue facing businesses today and that sound security practices are the foundation on which businesses are built, but our research confirms this is an area that most businesses are failing in,” says Robert.

“The GDPR is on our doorstep, but it is clear that many organisations have their work cut out if they are to comply with the regulation. Thinking more broadly, the fact that almost seven in ten organisations can't guarantee the security of their customer data is particularly concerning.

Robert says part of the problem comes down to the fact that most internal IT teams simply don't have the skills or time to keep up with the rapidly changing threat landscape as it's not their core business.

“Our research has shown that organisations are very much aware of this problem, but also that they are still some way away from solving it,” says Robert.

“Businesses will need to stay alert to changes to legislation and the nature of prevailing threats, compliance and legislation as more and more data is stored and analysed, but security can slide down the list of priorities, jostling with ‘keeping the lights on' maintenance activities and innovation.

The findings also revealed there is to be some big money spent on cybersecurity in the coming years with European businesses set to ramp up their investments in IT security 37 percent over the next three years when compared to the last three.

While this is undoubtedly an encouraging sign that businesses are allocating more resources to security, money doesn't fix everything and organisations still need to find a way of tackling these security concerns that is both quick and effective.

Robert says the focus on heavier investment in cybersecurity certainly bodes well for the future but more input is still required.

“It's important to recognise that much still needs be done in terms of increasing cybersecurity capabilities at a pace rapid enough to ensure GDPR readiness and overall preparedness,” says Robert.

Businesses are aware of the challenges they face, but the current level of available expertise can hold back initiatives. By working with expert third parties, businesses can rapidly gain an extra layer of cybersecurity expertise and identify vulnerabilities and priorities for improvement, which is essential for organisations looking to grow their operations without compromising security.