Businesses only have six months to prepare for the General Data Protection Regulation (GDPR) however according to research conducted by cyber security firm Trend Micro, there’s a great deal of confusion among businesses about such regulations.
The study quizzed more than 1,000 global IT decision-makers about data protection laws and regulations, with 30 per cent unable to agree what “state of the art” security requirements actually entail.
There were a number of core findings in the study. In particular:
– 30 per cent of businesses define “state of the art” security as simply buying cyber security protection products from established market leaders
– 17 per cent believe that it’s using products that pass third-party tests
– 16 per cent said they think the term responds to products that have been rated highly by analyst reports
– 14 per cent suggested that it covers start-ups providing innovative security products
– 12 per cent of IT bosses are more concerned about the price of products rather than whether they meet GDPR requirements
The report also suggested that organisations will struggle when mandatory breach-reporting rules come into force. 63 per cent of businesses have a significant notification process in place, and in countries like the US, firms have to deal with this issue on a state-by-state basis.
Going against GDPR guidelines, 21 per cent of respondents said their companies have processes in place but avoid telling customers about data breaches.
Due to the fact that there’s a lack of specific approach definitions offered by data protection authorities, companies are struggling to put the right mechanisms in place to protect customers.
Intruder identification technology is the most commonly implemented solution, with 34 per cent incorporating it into their companies.
Data leak protection (DLP) products follow closely, with 33 per cent using them. 29 per cent are using encrypted hardware to protect data.
Despite these investments, the research indicates that companies are failing to take steps to qualify their approach to this technology – relying on single purpose or legacy defences.