Just half of businesses with more than 500 employees have increased investment in IT security ahead of the EU’s General Data Protection Regulation, a new survey of 1,000 IT leaders indicates.
The research, commissioned by security firm Trend Micro, also reveals that only 63 per cent of enterprises have a process in place for their notifying customers about breaches, despite GDPR establishing strict new rules for breach notification.
Under the regulation, companies hit by cyber attacks have to notify regulators and affected customers within 72 hours of becoming aware of the breach. The regulation also urges firms to encrypt sensitive data, yet fewer than a third of respondents said they had invested in the technology. Meanwhile, only a third of firms have invested in data loss prevention or network intruder detection systems.
“The GDPR is clear that organisations must find state-of-the-art technologies to help repel cyber-threats and keep key data and systems secure. It’s concerning that IT leaders either don’t have the funds, or can’t find the right tools to tackle compliance,” said Bharat Mistry, Principal Strategist at Trend Micro. “Organisations need defence-in-depth combining a cross-generational blend of tools and techniques, from the endpoint to the network and hybrid cloud environment..
The regulation comes into effect on 25 May and grants data protection regulations such as the Information Commissioner’s Office the power to fine firms £17m or up to 4 per cent of their annual global turnover.