Research reveals 69 per cent of businesses are lacking in terms of proper data management, casting doubt on their ability to comply with GDPR
Keeping data secure remains a top priority for businesses, and as the General Data Protection Regulation (GDPR) comes into force on the 25th May 2018, there is an increased urgency to improve the way data is managed. However, despite this impending deadline and the rapidly evolving threat landscape, new research from managed services provider Claranet has found that many companies are still not managing their data as well as they could.
The research, which was conducted by Vanson Bourne who surveyed 750 IT decision-makers for Claranet’s Beyond Digital Transformation research report, identified that security is an area that many are struggling with. Worryingly, 69 per cent of respondents stated that they were not able to secure customer data effectively, with almost half (45 per cent) encountering challenges around securing customer details when trying to improve the digital user experience for customers. This points to a distinct lack of capability when it comes to managing security in a reliable manner.
Alongside this, the research found that IT teams are struggling to acquire the skills and expertise that are necessary in addressing this disparity. Four in ten (44 per cent) identified security as one of the biggest challenges facing their organisation’s IT department, the most-commonly-cited challenge by some margin, and 43 per cent stated that improving security is one of the priorities for their IT departments over the next 12 months.
Commenting on the findings, Michel Robert, Claranet’s UK Managing Director, said: “There can be little doubt that data security is the most pressing issue facing businesses today and that sound security practices are the foundation on which businesses are built, but our research confirms this is an area that most businesses are failing in. The GDPR is on our doorstep, but it is clear that many organisations have their work cut out if they are to comply with the regulation. Thinking more broadly, the fact that almost seven in ten organisations can’t guarantee the security of their customer data is particularly concerning.”
“Part of the problem derives from the fact that most internal IT teams don’t have the skills, expertise or the time to keep up with the rapidly changing threat landscape as it’s not their core business. Our research has shown that organisations are very much aware of this problem, but also that they are still some way away from solving it. Businesses will need to stay alert to changes to legislation and the nature of prevailing threats, compliance and legislation as more and more data is stored and analysed, but security can slide down the list of priorities, jostling with ‘keeping the lights on’ maintenance activities and innovation,” he continued.
To address these shortcomings, European businesses are set to ramp up their investments in IT security. According to the findings, the amount of money spent on IT security by European businesses is set to increase by a third (37 per cent) over the next three years, when compared to the last three. This is an encouraging sign, but organisations need to find a way of tackling these security concerns in a way that is both quick and effective.
Michel continued: “This focus on heavier investment in security bodes well for the future, and the fact that businesses are aware of where they are deficient means that they have the right mindset in place.
“However, it’s important to recognise that much still needs be done in terms of increasing cybersecurity capabilities at a pace rapid enough to ensure GDPR readiness and overall preparedness. Businesses are aware of the challenges they face, but the current level of available expertise can hold back initiatives. By working with expert third parties, businesses can rapidly gain an extra layer of cybersecurity expertise and identify vulnerabilities and priorities for improvement, which is essential for organisations looking to grow their operations without compromising security,” he concluded.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.