Experian: How to Get Cybersecurity Buy-In from a Clueless C-Suite

… investing more in data breach preparation. When leadership is knowledgeable and actively involved in data-breach response plans, it emphasizes the importance of having a strategy in place throughout the organization. C-suite executives are able to support these cybersecurity preparation initiatives by approving agreements with pre-data breach partners to have the company better equipped to prepare and handle data breaches.

CFMI: Your report found only 36 percent were compliant with GDPR. What advice can you offer in getting C-level executives to understand why data-breach notifications can’t be delayed, even if their instinct is to delay? How can security pros drive home that failure to comply now with GDPR can result in notification delays later that will prove costly?

MB: General Data Protection Regulation (GDPR) data-breach notification standards are more difficult for organizations to comply with, so C-suite executives need to be involved in those discussions to understand the global rules and ramifications of not being GDPR compliant in the event of a data breach. With only 72 hours to notify the impacted parties of a data breach, being GDPR compliant requires senior executives to be educated about the importance of being able to act swiftly following a data-breach incident and the potential fines that are levied for not being compliant.