CIOs Fear Fines From New EU Data Laws

Almost 90% of CIOs are concerned that their current security policies and procedures are putting them at risk of serious fines under new European data protection laws, according to a new study from Egress Software Technologies.

The encryption services provider claimed that 87% of the IT leaders it spoke to from companies with more than 1,000 employees were worried their firm was at risk of fines of up to 4% of annual turnover, according to strict new penalties levied by the European General Data Protection Regulation (GDPR).

In addition, over three-quarters (77%) of respondents said they were frustrated that staff failed to use technology like encryption made available to them to ensure they work more securely.

Egress CEO, Tony Pepper, claimed users often find ways to bypass security measures and “take the risk” if they think these tools will slow down business processes.

“Another problem is that IT is often as resistant as users. As the research shows, ease of deployment is a big driver for selecting what technology gets prioritized and dealing with users is often a bit of a headache,” he told Infosecurity.

“This is creating a real barrier to deployment. When asked to describe discussions they had had around deploying encryption-based secure communication solutions – such as email encryption – almost half of the respondents said they thought users would find it too complicated and it’d create a help desk nightmare.”

The study also appeared to reveal that the series of high profile attacks publicized in the media over the past year are having an effect on security policy.

Some 49% of respondents said they prioritize external threats, while just 20% focus mainly on accidental breaches from within – despite the latter accounting for the vast majority of incidents.

Pepper argued that IT leaders must make security “invisible to the user” so that it’s seamlessly integrated into the everyday tools they’re used to using – but added that “technology is really just half the battle.”

“If you want people to adopt security you need to make them understand why – the education piece is vital. This could be someone sending an email, but equally it could be making them understand why they should not click on a phishing email,” he argued.

“This also includes having clear policies and procedures around data, so that everyone knows exactly what level of information assurance should be applied in each situation. There should be no ambiguity.”

Infosecurity:

« Is Breach Notification Part Of Your Response Plan?
UK Surveillance Powers Bill Could Force Startups To Build In Backdoors »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

ETAS

ETAS

ETAS (formerly Escrypt) is a pioneer and one of today’s leading solution providers for embedded IT security.

Untangle

Untangle

Untangle provides network security products designed specifically for the below-enterprise market, safeguarding businesses, home offices, nonprofits, schools and governmental organizations.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Netmarks Indonesia (NMID)

Netmarks Indonesia (NMID)

Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

Atakama

Atakama

With Atakama, data remains encrypted until the very moment it is used, and the ability to decrypt is based on zero trust architecture.

Datrix

Datrix

Datrix is a leading Smart Infrastructure and Cyber Security solutions provider. We deliver critical networking, communications and cyber security solutions to public and private sector organisations.

Opora

Opora

Opora is the leading cybersecurity provider of adversary behavior analytics “ABA” and preemptive security solutions.

Spyderbat

Spyderbat

Spyderbat ATI closes the manual investigation gap between detection and response by instantly presenting causally connected threat activity to security analysts at the onset of an investigation.

PKF Infuse

PKF Infuse

PKF Infuse provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

CSIOS Corp.

CSIOS Corp.

At CSIOS we help our customers achieve and sustain information and cyberspace superiority through a full range of defensive and offensive cyberspace operations and cybersecurity consulting services.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Prembly

Prembly

Prembly are a compliance and security infrastructure company.

Spirit Technology Solutions

Spirit Technology Solutions

Spirit Technology Solutions is a modern workplace services provider committed to delivering solutions that embody our core principles of security, sustainability, and scalability.