sb-as logo
Story image

Trend Micro says C-level executives are not prepared for GDPR

Cyber security company Trend Micro has conducted a survey finding that C-level executives are not taking the upcoming General Data Protection Regulation (GDPR) seriously enough.

The survey has found up to 16% of respondents don’t believe they will be impacted by the regulatory scheme, and more than a quarter (28%) admit they have limited or no processes in place for risk management and cloud security within their organisation.

The company says the results indicate some confusion as to exactly what Personally Identifiable Information (PII) needs to be protected.

Of those surveyed, 64% were unaware that a customer’s date of birth constitutes as PII and 42% wouldn’t classify email marketing databases as PII.

32% also don’t consider physical addresses and 21% don’t see a customer’s email address as PII either.

These results indicate that businesses are not as prepared or secure, as they believe themselves to be, as this data provides hackers with all they need to commit identity theft, with businesses facing fines for non-compliance.

Indi Siriniwasa, Trend Micro A/NZ managing director for enterprise and government says it’s concerning that so many Australian organisations are not prepared for the new legislation.

“It has never been more important for organisations to make cybersecurity a key priority, and protect the interests of their customers against cyber security attacks," he says.

“Not only is this a security and prevention issue, but it can also have a disastrous impact on both brand and reputation.”

According to the global survey, 66% of respondents appear to be dismissive of the amount they could be fined without the required security protections in place.

Additionally, 66% of businesses believe reputation and brand equity damage is the biggest pitfall in the event of a breach, with 46% of respondents claiming this would have the largest effect on existing customers.

Trend Micro says these attitudes are especially alarming considering businesses could be shut down in the event of a breach.

In addition, the survey has found businesses aren’t sure who should take ownership of ensuring compliance with the regulation.

Of those surveyed, 31% believe the CEO is responsible for leading GDPR compliance, whereas 27% think the CISO and their security team should take the lead.

The survey has found only 21% of those businesses actually have a senior executive involved in the GDPR process.

Siriniwasa adds, “Increasingly, cyber security is being addressed by executives at a board level which has been triggered mainly by the widespread awareness around the financial and reputational threat that outbreaks such as WannaCry and Petya have had on organisations around the world.

“It’s important for key decision makers including board executives to take shared responsibility to drive much-needed industry change.”

With threats growing in sophistication, businesses often lack the expertise to combat them, and layered data protection technology is required.

GDPR mandates that businesses must implement state-of-the-art technologies relative to the risks faced.

Despite this, only 34% of businesses have implemented advanced capabilities to identify intruders, 33% have invested in data leak prevention technology and 31% have employed encryption technologies.

The GDPR scheme will be implemented globally on the 25th of May 2018.

Story image
Protegrity rolls out updates to data protection platform
Protegrity has updated its Protegrity Data Protection Platform to better secure sensitive data in hybrid-cloud, multi-cloud and SaaS environments.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
DDoS attacks a wake up call for complacent businesses - Imperva
When distributed denial of service attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.More
Story image
Cybersecurity market continues meteoric ascent
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More
Story image
IBM Security completes industry first with updates to Cloud Pak for Security solution
"With these updates, we will be the first in the industry to bring together external threat intelligence and threat management alongside data security and identity."More