
Trend Micro says C-level executives are not prepared for GDPR

Cyber security company Trend Micro has conducted a survey finding that C-level executives are not taking the upcoming General Data Protection Regulation (GDPR) seriously enough.

The survey has found up to 16% of respondents don’t believe they will be impacted by the regulatory scheme, and more than a quarter (28%) admit they have limited or no processes in place for risk management and cloud security within their organisation.

The company says the results indicate some confusion as to exactly what Personally Identifiable Information (PII) needs to be protected.

Of those surveyed, 64% were unaware that a customer’s date of birth constitutes PII and 42% wouldn’t classify email marketing databases as PII.

A further 32% don’t consider physical addresses to be PII, and 21% don’t see a customer’s email address as PII either.

These results indicate that businesses are not as prepared or secure as they believe themselves to be: this data provides hackers with all they need to commit identity theft, and businesses face fines for non-compliance.

Indi Siriniwasa, Trend Micro A/NZ managing director for enterprise and government, says it’s concerning that so many Australian organisations are not prepared for the new legislation.

“It has never been more important for organisations to make cybersecurity a key priority, and protect the interests of their customers against cyber security attacks,” he says.

“Not only is this a security and prevention issue, but it can also have a disastrous impact on both brand and reputation.”

According to the global survey, 66% of respondents appear to be dismissive of the amount they could be fined without the required security protections in place.

Additionally, 66% of businesses believe reputation and brand equity damage is the biggest pitfall in the event of a breach, with 46% of respondents claiming this would have the largest effect on existing customers.

Trend Micro says these attitudes are especially alarming considering businesses could be shut down in the event of a breach.

In addition, the survey has found businesses aren’t sure who should take ownership of ensuring compliance with the regulation.

Of those surveyed, 31% believe the CEO is responsible for leading GDPR compliance, whereas 27% think the CISO and their security team should take the lead.

The survey has found only 21% of those businesses actually have a senior executive involved in the GDPR process.

Siriniwasa adds, “Increasingly, cyber security is being addressed by executives at a board level which has been triggered mainly by the widespread awareness around the financial and reputational threat that outbreaks such as WannaCry and Petya have had on organisations around the world.

“It’s important for key decision makers including board executives to take shared responsibility to drive much-needed industry change.”

With threats growing in sophistication, businesses often lack the expertise to combat them, and layered data protection technology is required.

GDPR mandates that businesses must implement state-of-the-art technologies relative to the risks faced.

Despite this, only 34% of businesses have implemented advanced capabilities to identify intruders, 33% have invested in data leak prevention technology and 31% have employed encryption technologies.

The GDPR scheme will be implemented globally on the 25th of May 2018.
