In particular, 29% of businesses have been cited by a regulatory body for failure to comply with security regulations in the last 24 months. Regulatory fines are considered more damaging than customer lawsuits, negative publicity and reduced sales: 28% of organizations said regulatory fines are the most damaging consequence of being cited for a regulatory violation, followed by customer lawsuits (22%), negative publicity (20%) and reduced sales (8%).
Despite the EU GDPR's requirement to notify regulatory authorities of a data breach within 72 hours, 13% of the surveyed IT professionals admitted it takes them between one month and one year to do so. Also, 16% of businesses take between one and six months to detect a security threat, and 5% only detect a threat when notified by external parties.
Although C-suite interest in data governance is increasing, visibility remains a challenge. While it's good news that 76% of C-suite and board-level executives review and assess regulatory compliance with state, federal and international data protection laws, 12% do so only infrequently (once every one to three years).
ISO and NIST data protection guidelines are rising in importance: 88% of the surveyed IT professionals consider ISO and NIST guidelines to be either very important or important. Yet 28% of organizations have been hit by a data breach in the last 12 months.
The Data Protection: Prioritizing Regulations & Guidelines research study was fielded in October 2016 to 460 IT professionals in the United States, Canada, Mexico, United Kingdom, France, Germany, India, Japan and China.