A year to go to GDPR - data and comment from Webroot
May 2017 by Adam Nash at Webroot
With a year to go until GDPR regulations come into force, I thought you might be interested in some comment and new data from Webroot, a security specialist.
Via a survey of 501 UK SMBs conducted in April, Webroot has found that although awareness of GDPR regulation is high among senior management at UK SMBs many have not yet started the process of becoming compliant. Additionally, a majority of UK SMBs don’t think that customer data will be any more secure thanks to the legislation, and over half don’t feel at risk of cyberattack.
Adam Nash at Webroot made the following comment:
“With 12 months to go it’s clear that SMBs in particular need to urgently focus their attention on both this issue and their wider cybersecurity posture. Webroot has found that despite 81% of UK SMBs being aware of the regulation, 20% of them have not yet started to prepare for GDPR, showing that SMBs aren’t taking compliance seriously enough.
“The fines and sanctions that can be levied for failure to comply means this needs to be a focus for SMBs. They must also consider the business impact if they are working with larger organisations that expect their suppliers to demonstrate accountability and compliance under GDPR.
“Webroot also found that three quarters (73%) do not believe customer data will be any safer due to GDPR, and 51% thought they weren’t at risk of cyberattack. This underlines the lack of understanding that prevails in SMBs toward cybersecurity, despite huge attacks such as WannaCry making the headlines.
“A number of security measures should be considered by SMBs preparing for the legislation. Firstly, they should ensure that they are minimising the risk of falling victim to cyberattack by using the most up to date security measures. Businesses can further help themselves by creating an information security policy that includes data protection measures, and by making sure that any personal data is encrypted. Lastly, appropriate measures should be in place to alert security teams of any problems, so they can act quickly to remediate them.”