No one wants to be in hot water when a data breach is discovered. So would you cover it up just for the chance to get away with not paying fines? Well, according to a report by nCipher Security, the answer is yes for 61% of IT leaders in the UK and for 71% of C-level.
Since the implementation of GDPR organisations have been under a greater obligation than ever to disclose data breaches. The GDPR provides for a 72-hour timeframe in which organisations need to disclose a breach after becoming aware of it.
nCipher Security surveyed 250 IT decision makers with responsibility for security purchases. Other than the above mentioned, key findings include:
- Only 28% of organizations provide security training when employees join, and this lack of immediate training leaves them at risk
- Only 63% of businesses update training with the newest security threats and repeat annually, leaving employees unprepared
- 83% have a plan in place if they were to become a victim of a data breach. This figure falls to 73% in businesses employing 1-249 people
- 77% of organisations have plans in place to revisit or update their business approach to cybersecurity, based on emerging or future technologies
- Despite 83% of organisations providing cyber training to staff at all levels, several factors are highlighted as major challenges to employee engagement
- 66% say that they were hampered by a lack of skilled resource in-house to conduct the training and were challenged by an unwillingness to change process and behaviors
- 55% of IT leaders pinpoint a lack of support from the board and wider C-suite as a challenge, as well as a lack of best practice guidelines to work towards and implement (63 percent)
- Cloud (63%) and Internet of Things (IoT)(62%) were revealed to be the emerging technologies most widely seen as a threat to organizations
- 30% of the average cybersecurity budget is spent on meeting compliance needs
- While 92% of respondents are aware of meeting compliance needs, just 32% completely understand how it builds on GDPR and 37% are unaware of how it will affect their organization