Trend Micro's new survey shows businesses are not as prepared for GDPR or secure as they believe themselves to be.

Edward Gately, Senior News Editor

September 6, 2017

3 Min Read

With the EU’s General Data Protection Regulation (GDPR) set to take effect in May 2018, a new survey shows C-suite executives are not approaching the regulation seriously enough, resulting in overconfidence when it comes to compliance.

The Trend Micro survey includes responses from 1,132 online interviews with IT decision makers from businesses with more than 500 employees in the United States, the United Kingdom, France, Italy, Spain, Netherlands, Germany, Poland, Sweden, Austria and Switzerland.

According to Trend Micro’s survey, nearly all (95 percent) business leaders know they need to comply with the regulation; 85 percent have reviewed its requirements. In addition, four in five (79 percent) businesses are confident that their data is as secure as possible.

However, there is some confusion as to exactly what personally identifiable information (PII) needs to be protected. Of those surveyed, nearly two-thirds (64 percent) were unaware that a customer’s date of birth constitutes as PII. Also, two in five (42 percent) wouldn’t classify email marketing databases, 32 percent don’t consider physical addresses and 21 percent don’t see a customer’s email address as PII.

These results indicate that businesses are not as prepared or secure as they believe themselves to be, Trend Micro says. Regardless, this data “provides hackers with all they need to commit identity theft, and any business not properly protecting this information is at risk of a penalty fine,” it said.

According to the survey, two in three (66 percent) respondents appear to be dismissive of the amount they could be fined without the required security protections in place. Only one in three (33 percent) recognize that up to 4 percent of their annual turnover could be sacrificed. In addition, two-thirds (66 percent) of businesses believe reputation and brand-equity damage are the biggest pitfalls in the event of a breach, with almost half (46 percent) of respondents claiming this would have the largest effect among existing customers.

During a presentation titled “Preparing Customers for a Harsh GDPR Reality,” at Channel Partners Evolution, Sept. 25-28, in Austin, Texas, Gary Southwell, CSPi’s vice president and general manager, products division, will tell partners how to help their clients with GDPR compliance. Register now!

“Investing in state-of-the-art equipment and employing data-protection policies should be seen as a wise business practice, not an operational burden,” said Rik Ferguson, Trend Micro’s vice president of security research. “As a strategic security partner, we see it as our shared responsibility to help customers meet GDPR data security compliance.”

Trend Micro also learned that …

… businesses are uncertain as to who is held accountable for the loss of EU data by a U.S. service provider. Only 14 percent could correctly identify that the loss of data is the responsibility of both parties, while half (51 percent) believe the fine goes to the EU data owner, and one-quarter (24 percent) think the U.S. service provider is at fault.

In addition, businesses aren’t sure who should take ownership of ensuring GDPR compliance. Of those surveyed, one in three (31 percent) believe the CEO is responsible for leading compliance, whereas 27 percent think the chief information security officer and their security team should take the lead. However, only one in five (21 percent) of those businesses actually have a senior executive involved in the compliance process. Meanwhile, 65 percent have the IT department taking the lead, while only 22 percent have a board-level or management member involved.

GDPR mandates that businesses must implement state-of-the-art technologies relative to the risks faced. Despite this, only one-third (34 percent) of businesses have implemented advanced capabilities to identify intruders, another third (33 percent) have invested in data leak-prevention technology and 31 percent have employed encryption technologies.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like