Security executives working in healthcare and finance report the most resistance to GDPR, according to survey of 302 C-level security executives conducted by Netspaker. With Friday’s GDPR deadline looming overhead, fifty-seven percent of C-Level executives are re-engineering internal systems and procedures ahead of May 25.
The survey of more than 300 C-level security executives, conducted online by Propeller Insights on behalf of Netsparker in March 2018, found that companies are taking the new General Data Protection Regulation (GDPR) much more seriously than HIPAA and PCI: 99 percent are actively involved in the process to become GDPR-compliant, despite the cost and internal reorganization involved.
For healthcare companies, only 14 percent have completed 25 percent of the GDPR compliance process, and 7 percent are unlikely to be GDPR-compliant by May 25. In preparation for GDPR, 57 percent of companies are re-engineering internal systems and procedures, 55 percent are recruiting new people specifically to tackle GDPR compliance, and 48 percent are re-engineering internal security teams.
“People are taking GDPR seriously because of how many high-profile data breaches we have all witnessed in the last few years,” said Ferruh Mavituna, CEO of Netsparker. “In the past, blame for data breaches was shifted around from party to party. Was it the business? The individual? The government? GDPR removes the ambiguity. As of May 25, businesses are responsible for data breaches. As a result, companies will have to restructure how they handle data, and, if they don’t have a sound IT infrastructure, they will have to rebuild from the ground up. It’s heartening to see that so many companies are taking themselves to task.”
