As the General Data Protection Regulation (GDPR) is due to come into force in May 2018, there is an urgency to improve the way data is managed. However, despite this deadline and the evolving threat landscape, many companies are still not managing their data as well as they could, according to research from a managed services provider.
The research, by Vanson Bourne who surveyed 750 IT decision-makers for Claranet’s Beyond Digital Transformation research report, identified that many are struggling with security. Some two-thirds, 69 per cent of respondents stated that they were not able to secure customer data effectively, with almost half (45 per cent) encountering challenges around securing customer details when trying to improve the digital user experience for customers. This points to a distinct lack of capability when it comes to managing security in a reliable manner, according to the ISP (internet service provider). IT teams are struggling to acquire the skills and expertise that are necessary in addressing this disparity. Four in ten (44 per cent) identified security as one of the biggest challenges facing their organisation’s IT department, the most-commonly-cited challenge by some margin, and 43 per cent stated that improving security is one of the priorities for their IT departments over the next 12 months.
Comment
Michel Robert, Claranet’s UK Managing Director, said: “There can be little doubt that data security is the most pressing issue facing businesses today and that sound security practices are the foundation on which businesses are built, but our research confirms this is an area that most businesses are failing in. The GDPR is on our doorstep, but it is clear that many organisations have their work cut out if they are to comply with the regulation. Thinking more broadly, the fact that almost seven in ten organisations can’t guarantee the security of their customer data is particularly concerning.
“Part of the problem derives from the fact that most internal IT teams don’t have the skills, expertise or the time to keep up with the rapidly changing threat landscape as it’s not their core business. Our research has shown that organisations are very much aware of this problem, but also that they are still some way away from solving it. Businesses will need to stay alert to changes to legislation and the nature of prevailing threats, compliance and legislation as more and more data is stored and analysed, but security can slide down the list of priorities, jostling with ‘keeping the lights on’ maintenance activities and innovation,” he continued.
Hence businesses may ramp up their spend on IT security. According to the findings, the money spent on IT security by European businesses is set to increase by a third (37 per cent) over the next three years, when compared to the last three. This is an encouraging sign, but organisations need to find a way of tackling these security concerns in a way that is both quick and effective.
Michel added: “This focus on heavier investment in security bodes well for the future, and the fact that businesses are aware of where they are deficient means that they have the right mindset in place. However, it’s important to recognise that much still needs be done in terms of increasing cybersecurity capabilities at a pace rapid enough to ensure GDPR readiness and overall preparedness. Businesses are aware of the challenges they face, but the current level of available expertise can hold back initiatives. By working with expert third parties, businesses can rapidly gain an extra layer of cybersecurity expertise and identify vulnerabilities and priorities for improvement, which is essential for organisations looking to grow their operations without compromising security.”
