Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms

0
107
Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms


Many organizations find that getting their data privacy house in order is paying off.

It’s been less than a year since the General Data Protection Regulation (GDPR) officially took effect, but a new study already shows that organizations that invested in data privacy to meet GDPR guidelines suffered fewer data breaches in the past year.

Cisco Systems’ new Data Privacy Benchmark Study, based on data from 3,200 security professionals worldwide, found that nearly 60% of organizations have met most or all GDPR requirements, and close to 30% expect to do so within a year. GDPR, which became enforceable on May 28, 2018, provides a standard data privacy law for the European Union, imposing stricter rules on the control and use of personally identifiable information as well as giving users more control over their data.

The most GDPR-ready organizations suffered fewer data breaches in the last year (74%) than organizations that aren’t as far along in their data privacy efforts, according to the study. Eighty percent of organizations less than a year from GDPR compliance were hit with a data breach, and nearly 90% of those who don’t expect to be GDPR-ready for more than a year experienced data breaches.

GDPR readiness also helped minimize the number of data records exposed as well as the resulting costs: The firms that were readier had 79,000 files exposed, versus 212,000 in orgs less mature in their data privacy efforts. While 64% of the not-ready-for-GDPR firms lost more than $500,000 last year in data breach costs, just 37% of the GDPR-ready ones experienced that level of costs.

The European Union’s regulation — which affects multinational firms worldwide — has been heating up of late: France’s data privacy agency earlier this week fined Google some $57 million in penalties for failing to disclose how it gathers and uses personal information of users. This is the first major fine for a US tech company under the new privacy law.

Robert Waitman, director of data privacy at Cisco, says his firm’s study also found that data privacy investments are helping to shorten sales cycles. “The length of delay has been cut in half now, which was surprising,” he says. “It’s shrunk so significantly because they are more experienced in answering companies’ data privacy questions.”

GDPR has its trade-offs, notes Waitman, but it’s already making a difference with improved data privacy. “Reflected in the data [in this report] are these tangential benefits of getting your data house in order,” he says.

Christian Vezina, CISO at OneSpan, says GDPR has upped the ante for due diligence of third parties when it comes to data privacy.

“Privacy is starting to be an important part of standard vendor assessment processes,” Vezina says. “Service organizations having a higher level of privacy maturity will benefit from a shortened sales cycle, as they will be in a position not only to demonstrate their compliance, but to assist their customers in meeting their own compliance obligations.”

Related Content:

  • 6 Ways to Strengthen Your GDPR Compliance Efforts
  • GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First
  • The High Costs of GDPR Compliance
  • 6 Security Investments You May Be Wasting

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise … View Full Bio

More Insights

Comments

50%

50%

Re: GDPR compliance

@Kelly: Well, to look at the other side of things, what’s the total cost of compliance in each case? And how many years down the road will the ROI be realized?

Compare the recent Google fine of fifty-something million dollars. They probably have that much in the company swear jar.

50%

50%

Re: GDPR compliance

Well, trust me, a lot of the EU DPAs weren’t exactly sitting on their laurels when it came to enforcement/policing.

It’s more an issue of the difference between the EU’s approach to these matters and the US’s approach to these matters (the latter being much more laissez-faire by comparison).

100%

0%

Dr.T,

User Rank: Ninja
1/29/2019 | 11:05:29 AM

Re: GDPR compliance

“Seriously! All the angst seems to be replaced by some pretty good outcomes for those who comply, according to this new data.“
Yes it seems so but but I expect that being charging while we gain more experience. Big companies will find loopholes quite easily.

50%

50%

Dr.T,

User Rank: Ninja
1/29/2019 | 11:04:06 AM

Re: GDPR compliance

“Things might level out *slightly* in the next, say, 3-5 years, but it appears that all that hype was good for something.”
Makes sense. Companies will start firing back and try to win cases in the courts unfortunately.

50%

50%

Dr.T,

User Rank: Ninja
1/29/2019 | 11:03:08 AM

Re: GDPR compliance

“lot of organizations to do more than “check-the-box compliance” (which is what usually happens).”
This is really true. Most of the time showing that the box is checked is enough for many organizations.

50%

50%

Dr.T,

User Rank: Ninja
1/29/2019 | 11:02:05 AM

Re: GDPR compliance

“GDPR is the rare data-stewardship regulation”
I think one reason for that is it just not a regulation but the one that is enforced.

50%

50%

Dr.T,

User Rank: Ninja
1/29/2019 | 11:00:08 AM

New study

“a new study already shows that organizations that invested in data privacy to meet GDPR guidelines suffered fewer data breaches in the past year”
Positive results of a regulation? This certainly rarely happens. :-))

50%

50%

Re: GDPR compliance

Seriously! All the angst seems to be replaced by some pretty good outcomes for those who comply, according to this new data.

50%

50%

GDPR compliance

GDPR is the rare data-stewardship regulation that (1) caused so much panic and (2) was so in-depth and broadly encompassing that it compelled a lot of organizations to do more than “check-the-box compliance” (which is what usually happens).

Things might level out *slightly* in the next, say, 3-5 years, but it appears that all that hype was good for something.

Flash Poll

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-6109

PUBLISHED:2019-01-31

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This af…

CVE-2019-6110

PUBLISHED:2019-01-31

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

CVE-2019-6111

PUBLISHED:2019-01-31

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)….

CVE-2019-7282

PUBLISHED:2019-01-31

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.

CVE-2019-7283

PUBLISHED:2019-01-31

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite a…

Read More

LEAVE A REPLY

Please enter your comment!
Please enter your name here