CIOs voicing concerns ahead of new EU legislation on data protection

The impending introduction of the European Union's General Data Protection Regulation could risk leaving corporate systems exposed to data breaches.

That is the view of 87 per cent of chief information officers who responded to a recent survey from Egress Software Technologies.

The new measures, first devised in December 2015, will apply to all organisations handling the sensitive personal data of anyone living in the EU, even if the company itself is based elsewhere in the world.

Under the measures, companies will be required to report any breaches to their system within 72 hours, while any organisations found guilty of putting sensitive data at risk would face being fined four per cent of their global turnover.

The measures come after a string of high-profile breaches throughout 2015, thrusting the issue of data security under the media spotlight, while also influencing boardroom decisions on how to approach the issue.

Nearly half of board-level information security policies are now focusing on external threats, while only 20 per cent are geared towards an accidental breach.

Ease of deployment previously favoured

When the survey looked closer at some of the reasons behind prioritisation of data security solutions, it found that 83 per cent of respondents would deploy technology based on how easy it was to implement as opposed to its actual ability to secure data.

Potential pressure points include IT helpdesks, as well as a heavy workload on work processes and increasingly complicated integrations.

Internal barriers

As a result, the research suggests there is little appetite to tackle the issue of data security head on, with experts warning that a number of businesses may leave themselves exposed.

Egress chief executive Tony Pepper said: “At a board level, these results demonstrate a concerning disconnect with reality.

“ICO statistics demonstrate that 93 per cent of data security breaches occur as a result of human error – that is, people making mistakes when sharing sensitive information, poor processes and systems in place, and overall lack of care when handling data.

“Consequently, the emphasis being placed on cyber-attacks has the potential to become a distraction for many organisations. To date, much of the private sector has not been mandated to disclose breach incidents, but that is changing. And the results show that now they could be heading for trouble.”

Those findings have been compounded by the fact that more than three-quarters of CIOs are getting frustrated that, while the right technology is available, including encryption platforms, many employees are either using it incorrectly or not at all.

That will all have to change by 2018, with affected companies having to ensure they comply with the new measures.