Source: Information Security Buzz
- AlienVault survey of over 900 attendees at Infosecurity Europe exposes widespread concern about upcoming GDPR legislation, and the UK government’s technology policies
- Half of those surveyed fear that GDPR could cause people to try and cover up data breaches
- Over half (54%) believe that a change of leadership at No. 10 would have made the country more cyber secure
LONDON, UK – The cybersecurity industry believes that the European General Data Protection Regulation (GDPR) is stifling innovation by making companies nervous about using cloud-based applications and services, according to new research published today by AlienVault®, the leading provider of Unified Security Management™ (USM™) and crowdsourced threat intelligence.
In a recent survey of over 900 conference participants at Infosecurity Europe, almost half (49%) of respondents said that the threat of GDPR fines is making them more nervous of using cloud-based apps and services. This could be due to the lack of cloud security expertise that participants described within their organisations. Over a quarter of them (28%) described the level of cloud security expertise in their organisations as either ‘novice’ or ‘not very competent’.
Over a quarter of those surveyed (27%) admitted to cutting corners with cloud security in order to reduce costs, such as sharing credentials to access cloud-based apps and services within their organisations. In addition, almost half (48%) either don’t have, or aren’t sure if they have, data processing agreements set up with new cloud providers. This is an essential part of GDPR compliance, and ensures that any cloud apps are adhering to data privacy protection requirements when processing customer data.
Javvad Malik, security advocate at AlienVault, explains: “Cloud security is clearly still a thorn in the side for some organisations, with IT teams still struggling to monitor their environments effectively for security threats. In a separate AlienVault survey, we found that around a fifth of IT professionals don’t know how many cloud applications are being used within their organisations. This lack of visibility raises the question of how cloud-consuming organisations are going to cope with the requirements of GDPR if they don’t even know which apps are being used.”
The 72 Hour Rule: More Harm Than Good?
Article 33 of the GDPR legislation states that an organisation must report a data breach within 72 hours. The national data protection authority will then decide how much to fine the organisation for the breach; this could be up to 4% of the organisation’s global annual turnover, or over 20 million Euro, whichever is greater.
Half of respondents (50%) in the AlienVault survey believe that the 72 hour rule could do more harm than good. For example, people might try to cover up data breaches to avoid the fine, rather than reporting them in a…
Click here to read more