CIOs Fear Fines From New EU Data Laws

Uploaded on 2016-04-11 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

Almost 90% of CIOs are concerned that their current security policies and procedures are putting them at risk of serious fines under new European data protection laws, according to a new study from Egress Software Technologies.

The encryption services provider claimed that 87% of the IT leaders it spoke to from companies with more than 1,000 employees were worried their firm was at risk of fines of up to 4% of annual turnover, according to strict new penalties levied by the European General Data Protection Regulation (GDPR).

In addition, over three-quarters (77%) of respondents said they were frustrated that staff failed to use technology like encryption made available to them to ensure they work more securely.

Egress CEO, Tony Pepper, claimed users often find ways to bypass security measures and “take the risk” if they think these tools will slow down business processes.

“Another problem is that IT is often as resistant as users. As the research shows, ease of deployment is a big driver for selecting what technology gets prioritized and dealing with users is often a bit of a headache,” he told Infosecurity.

“This is creating a real barrier to deployment. When asked to describe discussions they had had around deploying encryption-based secure communication solutions – such as email encryption – almost half of the respondents said they thought users would find it too complicated and it’d create a help desk nightmare.”

The study also appeared to reveal that the series of high profile attacks publicized in the media over the past year are having an effect on security policy.

Some 49% of respondents said they prioritize external threats, while just 20% focus mainly on accidental breaches from within – despite the latter accounting for the vast majority of incidents.

Pepper argued that IT leaders must make security “invisible to the user” so that it’s seamlessly integrated into the everyday tools they’re used to using – but added that “technology is really just half the battle.”

“If you want people to adopt security you need to make them understand why – the education piece is vital. This could be someone sending an email, but equally it could be making them understand why they should not click on a phishing email,” he argued.

“This also includes having clear policies and procedures around data, so that everyone knows exactly what level of information assurance should be applied in each situation. There should be no ambiguity.”

Infosecurity:

« Is Breach Notification Part Of Your Response Plan?
UK Surveillance Powers Bill Could Force Startups To Build In Backdoors »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

Covenco

Covenco

Covenco is a data management and IT infrastructure specialist. Working with customers to transform their IT environments, with data protection and security at the forefront of everything we do.

Mobile Guroo

Mobile Guroo

Mobile Guroo is a strategy and systems integrator for Enterprise Mobility Management projects.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Dutch Institute for Vulnerability Disclosure (DIVD)

Dutch Institute for Vulnerability Disclosure (DIVD)

DIVD's aim is to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.

Datastream Cyber Insurance

Datastream Cyber Insurance

DataStream Cyber Insurance is designed to give SMB’s across the US greater confidence in the face of increasing cyber attacks against the small and medium business community.

Security BSides Cayman Islands

Security BSides Cayman Islands

Security BSides is a non-profit, community-driven event built for and by information security community members. Our aim is to help build an Information Security community in the Cayman Islands.

Anonos

Anonos

Anonos is a global software company that provides the only technology capable of protecting data in use with 100% accuracy, even in untrusted environments.