GDPR Reduces Risk of Security Breach
If you’re still among the organizations that view the General Data Protection Regulation (GDPR) as nothing more than government overreach, it is probably time to rethink your position after some important findings in a recent study. According to Cisco’s 2019 Data Privacy Benchmark Study, organizations worldwide that invested in maturing their data privacy practices are now realizing tangible business benefits from these investments. The study validates the link between good privacy practice and business benefits, as respondents reported fewer and less costly data breaches.
More than 3,200 global security and privacy professionals in 18 countries across major industries responded to the Cisco survey about their organizations’ privacy practices. One of the most important findings was with regard to data breaches: only 37 percent of GDPR-ready companies experienced a data breach costing more than $500,000, compared with 64 percent of the least GDPR-ready companies.
While a majority of companies reported having a data breach in the last year, a lower percentage (74 percent) of the GDPR-ready companies were impacted, compared to 80 percent of the organizations less than a year from GDPR readiness and 89 percent of those that are farthest from being GDPR ready. Also, when breaches occurred, fewer records were impacted (79,000 vs. 212,000 records), and system downtime was shorter.
Another tangible benefit from GDPR readiness is that it appears to lower the frequency and impact of data breaches. GDPR requires organizations to know where their personally identifiable information is located and provide appropriate protections for this data. These efforts may have helped organizations better understand their data and the risks associated with it, and establish or strengthen protections for that data.
GDPR-ready companies also experienced shorter system downtime associated with the breach, perhaps connected to better management of their data assets. GDPR-ready companies had an average system downtime of 6.4 hours versus 9.4 hours for organizations least ready for GDPR.
With the European Union now mandating companies become GDPR-ready, countless organizations are recognizing the benefits by default. When asked whether privacy investment was yielding benefits, 75 percent of all respondents identified two or more benefits such as greater agility and innovation, gaining a competitive advantage or achieving operational efficiency. These results highlight that privacy investment has created business value far beyond compliance and has become an important competitive advantage for many companies.
Take the next step to getting your organization GDPR compliant by contacting an IT consultant like 2W Tech for help with your regulatory needs. 2W Tech has a Cybersecurity Compliance Program that is designed to support our clients’ compliance obligations. Most organizations must abide by and maintain a standard for controls that safeguard the confidentiality and privacy of information stored and processed. We work hand in hand with you to learn more about your compliance requirements, help obtain proper agreements, and access relevant system architecture information. Give us a call today to get started on your journey to achieving compliance.