Given the recent news that the ICO’s own website failed to comply with GDPR guidelines, a new study from Tripwire has found non-compliance is actually widespread, with 14 percent of organisations failing to meet the 72-hour deadline to notify customers of a data breach.
The study surveyed security professionals attending Infosecurity Europe 2019 and also revealed 29 percent were unsure of how long it would take their organisation to identify, contain and eradicate a security threat, while eight percent admitted it would take them longer than three days.
“These results are fairly encouraging and indicate that knowledge about GDPR’s requirements around data breaches is spreading,” said Tim Erlin, VP, Product Management and Strategy at Tripwire. “There is still room for improvement, however. Anyone in an information security role should be familiar with the basic requirements of GDPR and what their responsibilities are. The biggest opportunities for improvement are around what constitutes a breach and how to respond to an incident.”
Other results from the survey include:
- 34 percent stated they either would not, or were unsure whether they would, report to the authorities data found left exposed in a public cloud service when there was no evidence of it being exploited by bad actors
- 33 percent of security professionals were either unsure or thought a ransomware attack with no evidence of data stolen did not need to be reported to authorities
- 13 percent of respondents’ organisations either don’t have an incident response plan or have not updated it in more than a year
- 15 percent of organisations don’t have incident response training in place for their employees
The full results of the study are available here: https://www.tripwire.com/state-of-security/security-data-protection/report-infosecurity-europe-security-incidents/