GDPR exposed holes
Almost half (43 per cent) of UK organisations have reported a data breach (actual or potential) to the ICO since GDPR came into effect, according to a survey run by Apricorn.
A third notified the ICO themselves, while 10 per cent were reported by somebody else. A further nine per cent of the IT leaders surveyed did not know whether a breach at their organisation had been reported to the ICO.
The risk of a data breach is the concern that troubles UK IT leaders the most when thinking about data privacy regulations, cited by 57 per cent of respondents. Addressing the variety of threats to data is next on the list (42 per cent).
The survey findings also indicate a lack of cyber-resilience within organisations, which is likely to affect their ability to manage the risk of, respond to and recover from a data breach. Respondents also reported difficulties in adequately identifying or locating data (33 per cent), understanding data obligations (31 per cent), and adequately securing data (25 per cent).
In addition, when asked about the biggest challenges associated with implementing a cybersecurity plan for remote/mobile working, 39 per cent of IT leaders admitted they cannot be certain that their data is adequately secured, 18 per cent said they don’t have a good understanding of which data sets need to be encrypted, and 15 per cent have no control over where company data goes and where it is stored.
Apricorn Managing Director EMEA Jon Fielding said: “Prioritising the building of cyber-resilience will strengthen an organisation’s ability to prepare for, react to and recover from a cyber-attack. Understanding precisely what data they collect, process and store, where it is located and who has access, all in line with data protection regulations, are vital components in this. A cyber-resilient organisation can quickly retrieve and restore data after an incident, establish and remediate the cause whilst demonstrating transparency and due diligence to regulators.”