Less than half of global executives believe GDPR compliance is relevant to their business, while a fifth admit they don't know - NTT Security Risk:Value report shows
(Thomson Reuters ONE) -
Concerning numbers admit they do not know where corporate data is stored, or if
all of their critical data is securely stored
LONDON, July 10, 2017 (GLOBE NEWSWIRE) -- Many global business decision makers
are unaware of the implications of the forthcoming General Data Protection
Regulation (GDPR), as well as other compliance regulations like PCI-DSS and
ISO27001/2, with one in five admitting they do not know which regulations their
organization is subject to. This is according to the 2017 Risk:Value report,
commissioned by NTT Security, the specialized security company of NTT Group,
which looks at attitudes to risk and the value of information security to the
business.
The survey of 1,350 non-IT executives across 11 countries, reveals that just
four in ten (40%) respondents globally believe their organization will be
subject to the EU GDPR. Perhaps of most concern is the one in five (19%) who
admit they don't know which compliance regulations they are subject to. In the
UK, just 39% of respondents currently identify GDPR as a compliance issue, and
20% admit they don't know, while those outside of Europe are even less aware.
Just a quarter of business decision makers in the US, 26% in Australia, and 29%
in Hong Kong believe they are subject to the GDPR, despite the fact it will
apply to any business holding or collecting data on European citizens.
Coming into force on 25 May 2018, the legislation leaves companies with less
than a year to comply with strict new regulations around data privacy and
security and could result in penalties of up to ?20 million or 4% of global
annual turnover, whichever is higher
With data management and storage a key component of the GDPR,
the Risk:Value report also reveals that a third of respondents do not know where
their organization's data is stored, while just 47% say all of their critical
data is securely stored. Of those that know where their data is, fewer than half
(45%) describe themselves as 'definitely aware' of how new regulations will
affect their organization's data storage. Those in Financial Services & Banking
and Computer Services & Technology are most likely to know where their data is
stored and which compliance regulations they are subject to.
"In an uncertain world, there is one thing organizations can be sure of and
that's the need to mark the date of 25 May 2018 in their calendars," according
to Garry Sidaway, SVP Security Strategy & Alliances at NTT Security. "While the
GDPR is a European data protection initiative, the impact will be felt right
across the world for anyone who collects or retains personally identifiable data
from any individual in Europe. Our report clearly indicates that a significant
number do not yet have it on their radar or are ignoring it. Unfortunately many
organizations see compliance as a costly exercise that delivers little or no
value, however, without it, they could find themselves losing business as a
result, or paying large regulatory fines."
Quantifying the threat - reputation, revenue and resignations
* One in eight respondents believe that poor information security is the
'single greatest risk' to the business. The most commonly reported risk is
'competitors taking market share' (28%).
* According to Risk:Value, 57% of decision makers believe a data breach is
inevitable at some point.
* The impact of a breach will be two-fold, with respondents expecting a breach
to affect their long-term ability to do business, together with short-term
financial losses. More than half (55%) cite loss of customer confidence,
damage to reputation (51%) and financial loss (43%), while 13% admit staff
losses and 9% say senior executive resignations would impact them.
* The estimated cost of recovery, on average, has increased from $907,000 in
2015 to $1.35m in 2017.
* The estimated impact on revenue has decreased from 12.51% in 2015, but is
still a significant 9.95%.
* Only just over half (56%) of decision makers report that preventing a
security attack is a regular item on the board agenda, suggesting that more
needs to be done to get it taken seriously at a boardroom level.
* Respondents estimate on average that only 15% of their organization's IT
budget is spent on information security - although this figure has gone up
from 13% in 2015 and 10% in 2014. Many report that they spend less on
security than on R&D (31%), sales (28%), and marketing (27%).
The need to drive a culture of security
* 56% of business decision makers say their organization has a formal
information security policy in place, up from 52% in 2015. Just over a
quarter (27%) are in the process of implementing one - 1% have no policy or
plans to implement one.
* However, while the vast majority (79%) say their security policy has been
actively communicated internally, a minority (39%) says employees are fully
aware of it. Germany and Austria (85%) are above average in communicating
the policy, together with the US (84%) and the UK (83%).
* The percentage of respondents with an official information policy is
unevenly distributed on a per-country basis. In Sweden the figure is just
30%, while in the UK, 72% claim an official policy. By sector, healthcare
leads the way, with 69% of companies claiming an official information
security policy. Finance comes a close second (66%).
* Less than half (48%) of organizations have an incident response plan,
although 31% are implementing one. But just 47% of decision maker
respondents are fully aware of what the incident response plan includes.
Download the 2017 Risk:Value report: www.nttsecurity.com/RiskValue2017.
For
additional Risk:Value resources: https://www.nttcomsecurity.com/en/templates/Wid
eangleLandingPage.aspx?p=2875&pv=14629.
Notes for editors:
Research demographics
Commissioned by NTT Security, the 2017 Risk:Value research was conducted by
Vanson Bourne in March to May 2017. 1,350 non-IT business decision makers (35%
at C-level) were surveyed in the US, UK, Germany and Austria, Switzerland,
France, Sweden, Norway, Hong Kong, Australia and Singapore. Organizations had
more than 500 employees and were selected across a number of core industry
sectors. Approximately a third of responses came from the financial services
sector.
About Vanson Bourne
Vanson Bourne is an independent specialist in market research for the technology
sector. Our reputation for robust and credible research-based analysis, is
founded upon rigorous research principles and our ability to seek the opinions
of senior decision makers across technical and business functions, in all
business sectors and all major markets. For more information,
visit www.vansonbourne.com.
About NTT Security
NTT Security is the specialized security company of NTT Group. With embedded
security we enable Group companies (Dimension Data, NTT Communications and NTT
DATA) to deliver resilient business solutions for clients' digital
transformation needs. NTT Security has 10 SOCs, seven R&D centers, over 1,500
security experts and handles hundreds of thousands of security incidents
annually across six continents.
NTT Security ensures that resources are used effectively by delivering the right
mix of consulting and managed services for NTT Group companies - making best use
of local resources and leveraging our global capabilities. NTT Security is part
of the NTT Group (Nippon Telegraph and Telephone Corporation), one of the
largest ICT companies in the world. Visit nttsecurity.com to learn more.
For further information, contact Press Office, t. press(at)nttsecurity.com or visit
www.nttsecurity.com.
This announcement is distributed by Nasdaq Corporate Solutions on behalf of Nasdaq Corporate Solutions clients.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: NTT Security (UK) Ltd via GlobeNewswire
Datum: 10.07.2017 - 10:00 Uhr
Sprache: Deutsch
News-ID 551557
Anzahl Zeichen: 8941
contact information:
Town:
Reading
Kategorie:
Business News
Diese Pressemitteilung wurde bisher 180 mal aufgerufen.
Die Pressemitteilung mit dem Titel:
"Less than half of global executives believe GDPR compliance is relevant to their business, while a fifth admit they don't know - NTT Security Risk:Value report shows"
steht unter der journalistisch-redaktionellen Verantwortung von
NTT Security (UK) Ltd (Nachricht senden)
Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).
