While companies generally are aware of and intimidated by global privacy and data security regulations, many fail to properly understand and address necessary organizational changes to comply, according to a recent study by Experian Data Breach Resolution and Ponemon Institute.
The report, “Data Protection Risks & Regulations in the Global Economy,” asked more than 550 IT security and compliance professionals to weigh in on the top global security risks, as well as how prepared they feel their companies are to respond to a global data breach.
More than half (51 percent) of companies surveyed had experienced a global data breach, with nearly 56 percent experiencing more than one breach in the past five years. Despite these major security intrusions, 32 percent of respondents said their companies still don’t have a response plan in place.”
Only 30 percent of respondents said their C-suite executives are fully aware of the state of their companies’ compliance with global regulations. In addition, only 38 percent said their senior leadership views compliance with global privacy and data protection regulations as a top priority.
One of the looming regulations is the European Union’s General Data Protection Regulation (GDPR). Only 9 percent of respondents reported their organization is ready to comply with GDPR.
“Despite increasing reports of the damage caused by global data breaches, the study emphasizes that the increasing risk of, as well as the experience of going through, a global data breach isn’t enough to lead CIOs and CSOs to prioritize compliance measures in line with what is expected in the GDPR,” said Michael Bruemmer, vice president, Experian Data Breach Resolution.