CIOs Fear Fines From New EU Data Laws

Almost 90% of CIOs are concerned that their current security policies and procedures are putting them at risk of serious fines under new European data protection laws, according to a new study from Egress Software Technologies.

The encryption services provider claimed that 87% of the IT leaders it spoke to from companies with more than 1,000 employees were worried their firm was at risk of fines of up to 4% of annual turnover under the strict new penalties introduced by the European General Data Protection Regulation (GDPR).

In addition, over three-quarters (77%) of respondents said they were frustrated that staff failed to use technology like encryption made available to them to ensure they work more securely.

Egress CEO, Tony Pepper, claimed users often find ways to bypass security measures and “take the risk” if they think these tools will slow down business processes.

“Another problem is that IT is often as resistant as users. As the research shows, ease of deployment is a big driver for selecting what technology gets prioritized and dealing with users is often a bit of a headache,” he told Infosecurity.

“This is creating a real barrier to deployment. When asked to describe discussions they had had around deploying encryption-based secure communication solutions – such as email encryption – almost half of the respondents said they thought users would find it too complicated and it’d create a help desk nightmare.”

The study also appeared to reveal that the series of high-profile attacks publicized in the media over the past year is having an effect on security policy.

Some 49% of respondents said they prioritize external threats, while just 20% focus mainly on accidental breaches from within – despite the latter accounting for the vast majority of incidents.

Pepper argued that IT leaders must make security “invisible to the user” so that it’s seamlessly integrated into the everyday tools they’re used to using – but added that “technology is really just half the battle.”

“If you want people to adopt security you need to make them understand why – the education piece is vital. This could be someone sending an email, but equally it could be making them understand why they should not click on a phishing email,” he argued.

“This also includes having clear policies and procedures around data, so that everyone knows exactly what level of information assurance should be applied in each situation. There should be no ambiguity.”

Infosecurity:
