Business Leaders Overconfident in Cybersecurity, Survey Finds
Confidence is an admirable quality. One could even argue it’s a necessary characteristic of modern business leaders. However, new Trend Micro study reveals that too much confidence can lead to a false sense of security.
The release of the Trend Micro survey coincides with enterprise anticipation of the General Data Protection Regulation (GDPR) and the Notifiable Data Breaches Act. As it turns out, that anticipation hasn’t yet inspired widespread preparation. Here’s a contrasting look at how those surveyed think they’re adequately prepared and how prepared they actually are.
Awareness Falls Short
Case in point, an overwhelming majority of respondents — 95 percent, to be exact — understood the need for their organization to comply with GDPR yet were still unable to identify critical requirements of the regulation
The survey found 85 percent claimed to have reviewed compliance guidelines, but an unsettling 64 percent were caught off guard when told that a customer’s date of birth is considered personally identifiable information. These same, confident business leaders were further unaware that marketing databases fell into the same category.
This overconfidence opens the door to identity theft and potential fines for organizations that don’t comply.
“These results indicate that businesses are not as prepared or secure, as they believe themselves to be,” Trend Micro stated. “Regardless, this data provides [cybercriminals] with all they need to commit identity theft, and any business not properly protecting this information is at risk of a penalty fine.”
With up to 20 million euros in fines — or 4 percent of annual turnover — for organizations who fail to comply with next year’s GDPR, now is the time to reevaluate preparedness. Considering that only about one-third of those surveyed already implemented advanced capabilities to identify intruders, implement data leak prevention technology and deploy encryption technologies, enterprises have their work cut out for them when it comes to ensuring their cybersecurity efforts meet expectations.