A cyber firm polled 759 people at the recent RSA Conference 2018. A majority, 60 percent believed that the new European Union-wide General Data Protection Regulation (GDPR) will make EU citizens safer from the dangers of attacks such as identity theft. Some however felt it was too little, too late.
A minority, 22 percent stated their company’s security and privacy budget increased significantly to meet the needs of GDPR; and 8 percent said it actually decreased over the past 12 months. Most but far from all, participants were confident in their threat detection capabilities, as 65 percent stating they would be able to report a privacy breach to the regulator – in the UK’s case the ICO – within 72 hours of becoming aware of a cyber breach, the deadline laid down in the GDPR.
Most, 75 percent of participants supported more regulations on social media platforms to limit how they can use customer data for commercial purposes.
Javvad Malik, security advocate for cyber security product company AlienVault, said: “Maybe there’s a sense of despair that, left to their own devices, organisations would only accumulate more and more data that is not only poorly secured, but used to build comprehensive user models … Cyber security has come a long way from the days of merely being an IT function. It is very much embedded as a fundamental business requirement. However, the scope and impact of its responsibility haven’t evolved at the same pace – or at least haven’t appeared to do so. Which is why it appears that the CISO will bear the brunt of the blame in the event of an incident.”
The full report is available at: https://www.alienvault.com/blogs/security-essentials/should-the-us-have-its-own-gdpr-and-other-questions-surveyed-at-rsa-2018.
