In four months, the GDPR will start being enforced, and according to a study by Egress Software Technologies, concern among CIOs has reached an all-new high. Data breaches are in the news, and with the GDPR promising enormous fines for non-compliance – when added to the risk of falling stock value, customer trust or even a class action lawsuit – 2018 may be a stressful year for some CIOs.
Panic on the streets
Now that the GDPR launch date is looming, it comes as no surprise that 87% of CIOs are worried about how it will affect their organization, and how they'll provide measures to secure their sensitive data. Is it even possible to prevent a cyber attack? Or at least be able to demonstrate reasonable safeguards in case a breach occurs?
Priorities from concerns
When asked to list their priorities for GDPR compliance, a whopping 40% of CIOs named external threats as their main focus, with 21.5% more concerned about insider threats and a fraction fewer (21%) worried about accidental data loss. Only 9.5% of those asked were concerned about a breach relating to technology malfunction. To fully take on the GDPR, it seems CIOs will need a comprehensive cure for all of these concerns, as well as total insight into all data stored on citizens from all 28 EU countries.
You can lead a horse to water
Simply adding another piece of technology to an app-crowded workplace has generally been a quick fix, but according to the Egress report, 77% of CIOs had huge concerns about how employees use (or do not use) the technology they provide to securely share content. Trying to get employees to follow the CIO's guidelines can often be as hard as creating the guidelines in the first place, with many citing communication as the main culprit.
Whatever solution a CIO explores to address GDPR, it must be designed for end users beyond the IT department and work in harmony with popular industry applications. Employees are most likely to adopt secure collaboration when it's embedded in the core of the digital workspace, rather than offered as an added extra that can simply be bypassed.
The quick fix conundrum
Another interesting statistic in the research revealed that 83.5% of CIOs prioritise ease of deployment when choosing a GDPR solution. Some of the deployment issues they raised included increased pressure on IT support (44%), disruption to work processes (31.5%) and complicated integrations (23%). The struggle is finding a solution that can be deployed with minimal cost and disruption, but with many businesses storing data across the globe in siloed repositories, not to mention files stored in the cloud, updating systems for GDPR may prove too troublesome for some.
Think beyond compliance
Unfortunately, data compliance won’t automatically mean a company is safe from data loss. Many organizations with the latest technologies have still suffered costly data breaches. There are so many ways in which a company can fall foul of data protocols that focusing only on compliance may prove detrimental in the long run.
A real bullet-proof approach to data protection should derive from the daily strategies, activities and business arrangements of a company as a whole. According to Egress CEO Tony Pepper, the “solution is making security as easy to use as possible. If security makes processes more complicated or time-consuming people will find a way to avoid it; if it’s seamlessly integrated into the everyday tools they are used to handling then they will have no reason to resist.”
Concerns are good, but are they correct?
While concern about GDPR is valid, the report by Egress seems to show that much of the concern may be in the wrong places. Despite the fear of having sensitive data exposed by employees, only 20% of CIOs are focusing on accidental breaches. That is a pretty low percentage when you consider that figures obtained from the ICO via a Freedom of Information (FOI) request revealed that 93% of breaches are the result of human error. It could be said that CIOs are concentrating their efforts too much on outside threats to their networks.
When the biggest vulnerability stems from internal error or lack of process, it seems counterproductive to focus a majority of efforts on preventing an external breach. When you consider the (seemingly) endless reports of accidental data breaches and the human error involved, it becomes clear that many CIOs are placing their concerns in the wrong places.