
Trend Micro says C-level executives are not prepared for GDPR

Cyber security company Trend Micro has conducted a survey finding that C-level executives are not taking the upcoming General Data Protection Regulation (GDPR) seriously enough.

The survey has found up to 16% of respondents don’t believe they will be impacted by the regulatory scheme, and more than a quarter (28%) admit they have limited or no processes in place for risk management and cloud security within their organisation.

The company says the results indicate some confusion as to exactly what Personally Identifiable Information (PII) needs to be protected.

Of those surveyed, 64% were unaware that a customer’s date of birth constitutes PII and 42% wouldn’t classify email marketing databases as PII.

32% also don’t consider physical addresses and 21% don’t see a customer’s email address as PII either.

These results indicate that businesses are not as prepared or secure as they believe themselves to be: this data provides hackers with all they need to commit identity theft, and businesses face fines for non-compliance.

Indi Siriniwasa, Trend Micro A/NZ managing director for enterprise and government, says it’s concerning that so many Australian organisations are not prepared for the new legislation.

“It has never been more important for organisations to make cybersecurity a key priority, and protect the interests of their customers against cyber security attacks,” he says.

“Not only is this a security and prevention issue, but it can also have a disastrous impact on both brand and reputation.”

According to the global survey, 66% of respondents appear to be dismissive of the amount they could be fined without the required security protections in place.

Additionally, 66% of businesses believe reputation and brand equity damage is the biggest pitfall in the event of a breach, with 46% of respondents claiming this would have the largest effect on existing customers.

Trend Micro says these attitudes are especially alarming considering businesses could be shut down in the event of a breach.

In addition, the survey has found businesses aren’t sure who should take ownership of ensuring compliance with the regulation.

Of those surveyed, 31% believe the CEO is responsible for leading GDPR compliance, whereas 27% think the CISO and their security team should take the lead.

The survey has found only 21% of those businesses actually have a senior executive involved in the GDPR process.

Siriniwasa adds, “Increasingly, cyber security is being addressed by executives at a board level which has been triggered mainly by the widespread awareness around the financial and reputational threat that outbreaks such as WannaCry and Petya have had on organisations around the world.

“It’s important for key decision makers including board executives to take shared responsibility to drive much-needed industry change.”

With threats growing in sophistication, businesses often lack the expertise to combat them, and layered data protection technology is required.

GDPR mandates that businesses must implement state-of-the-art technologies relative to the risks faced.

Despite this, only 34% of businesses have implemented advanced capabilities to identify intruders, 33% have invested in data leak prevention technology and 31% have employed encryption technologies.

The GDPR scheme will be implemented globally on the 25th of May 2018.
