Rolling out new regulations is only the first step in dealing with Europe’s massive cybersecurity and data protection problems. Almost half of UK businesses which identify issues discover one attack or security breach per month, according to the University of Portsmouth’s Cyber Security Breaches Survey (CSBS). Since 2018, the General Data Protection Regulation (GDPR) has been the primary law protecting data and privacy, establishing a framework for fining organisations which are lax in protecting consumers. More than a year after GDPR enactment, breaches still occur at unprecedented rates, and most corporations have yet to see fines for non-compliance. In 2019, that’s all about to change. Here are five reasons GDPR compliance is on the rise.
Officials realise that enforcing GDPR is essential for consumer protection. Forty-one companies have received fines from Germany for GDPR-related offences. The highest fine, $80,000, penalised an organisation for failing to protect health information from public disclosure. In July, the London Stock Exchange fined British Airways more than £205 million for the airline’s failure to stop cyber criminals from diverting 500,000 BA customers to a fraudulent website, starting in June 2018. BA’s security breach compromised payment data, names, addresses, and other personal information. The UK Data Protection Authority says it is fining Marriott £99 million for a data breach that exposed private information for 383 million guests, including 30 million European Union residents.
Cybercrime prevention is one aspect of GDPR. Regulations also restrict data sharing and protect consumer privacy. France slapped Google with a £50 million GDPR fine for failing to disclose its process for gathering and using personal information. It’s the first massive fine under GDPR for a global technology company. Google also failed to obtain each user’s consent to personalise ads. The technology giant is not alone in its need to improve privacy and data protection.
According to the Wall Street Journal, Facebook faces a $5 billion US Federal Trade Commission (FTC) fine, after settling with the FTC over the user data scandal involving Cambridge Analytica, a third-party consulting firm. During the 2016 US presidential campaign, Cambridge Analytica acquired private data for tens of millions of Facebook’s users to create psychological profiles to sell to political campaigns. Facebook’s fine is the most significant civil penalty in FTC history for a technology company. Although not GDPR-related, the fine is a wake-up call for businesses to develop or enhance data protection policies.
Various drivers move entities to develop more robust cybersecurity plans. Corporations and charities which handle private consumer data run the risk of reputation damage, including the possibility of consumer boycotts and blacklisting. Facebook is still dealing with the aftermath of Cambridge Analytica and similar user data missteps. These caused outrage across the internet and on social media platforms, with some high-profile users, such as Cher, deleting their Facebook accounts.
Experiencing a breach is an incentive to change data protection policies. Cybercriminals accessed user data for more than 100 million Quora users. The question-and-answer website’s CEO, Adam D’Angelo, announced the malicious breach in a blog post. He alerted users to the issue, which involved email addresses, passwords, user IDs and direct messages. Quora contracted a digital forensics firm to determine the precise impact of the cyberattack and enhanced its internal security measures.
Highly publicised data breaches are fuelling the desire for enhanced security protection measures. A recent cyberattack at SingHealth in Singapore compromised data for 1.5 million patients. When news outlets publicise information about high-profile attacks, they raise awareness about the need for secure information technology infrastructure. According to the CSBS, nearly 60 per cent of businesses give senior management updates on cybersecurity.
In fact, Forbes predicts that global cybersecurity spending will surpass $124 billion. Technology platforms are driving business growth and increasing competitiveness. As a result, security drivers, such as industry changes, security risks, and business needs, are critical concerns for organisations seeking to enhance online business interactions. New technologies are offering consumers convenience with online banking, service delivery, remote working and cloud computing. These operational changes are moving businesses toward greater cybersecurity to ensure seamless and secure internet experiences for users.
Most businesses and charities which handle sensitive information are aware of GDPR and its implications. GDPR is impacting the shift toward improving cybersecurity schemes because companies know they can receive a fine for non-compliance. CSBS respondents report that more than a third of entities are making changes in cybersecurity policies as a direct result of GDPR’s enactment and enforcement. These changes include staff training, updating systems, and improving processes.
GDPR is sparking greater engagement between corporate board members and internal data security professionals. Some organisations are reporting greater consistency in maintaining encryption for sensitive files. Staff training and better communication about cybersecurity are ways in which organisations are protecting consumer data overall. These steps toward greater privacy and data protection are proportionate to a business’s ability to meet the growing need for security specialists. While experts project GDPR will have long-term positive effects on Europe’s cybersecurity landscape, the regulations are a starting point.
Skill shortages prevent some businesses from tackling security challenges and implementing processes which ensure consumer protection. The skill gap forces workers to take on the role of protecting digital assets without formal training. Thirty per cent of CSBS respondents send staff to training, and nearly half of the businesses outsource cybersecurity to enhance online protection. Security professionals assist in implementing vital protective measures, affecting data classification and a wide variety of document management processes for businesses seeking to mitigate risks.