Gov.uk releases Cyber Security Breaches Survey 2018: Preparations for the new data Protection Act - Fujitsu comment
Gov.uk published its ‘Cyber Security Breaches Survey 2018: Preparations for the new data Protection Act’ which includes some really interesting stats that we thought we could use for a rapid response comment, such as:
· 38 percent of businesses and 44 percent of charities say they have heard of the GDPR
· Among those aware of GDPR, just over a quarter of businesses and of charities made changes to their operations in response to GDPR’s introduction
· Among those making changes, just under half of businesses, and just over one third of charities said these changes includes those to cyber security practices
In response to this, Sarah Armstrong-Smith, Head Continuity & Resilience at Fujitsu UK & Ireland commented on the news with:
“It is concerning to see that less than two-fifths (38%) of businesses have heard of the General Data Protection Regulation (GDPR). Especially when recent attacks have revealed the potential cost of suffering a major security breach is enormous and the threats that we face are only increasing. What’s more, with our latest report revealing that a fifth of the UK public believe cybercrime and hacking are the biggest challenges facing the UK today (above global economic uncertainty and the skills gap), each organisation has an obligation to make data protection as much of a priority as the public, who are regularly asked to hand over financial and other personal data.
“Today’s cyber criminals are bold and don’t care how much damage they cause to get what they want. And because organisational awareness of potential attacks is on the rise, online criminals are finding new and creative ways to dupe people into compromising sensitive financial and personal data. This means that “unusual behaviour” is getting harder to detect and might not seem unusual at all.
“With employees on the front line of this battle, more must be done to improve user awareness and training – especially of regulations like GDPR which should help gain more control of the data we all hold. Upskilling employees and making them more cyber aware is one of the most cost effective ways of reducing the probability and impact of human error. But it won’t work as a standalone policy. Organisations need to continue to invest in technical and security controls, whilst doing more to proactively identify and manage threats instead of waiting for breaches to happen. In today’s world, cybercrime is inevitable. How businesses plan for it, however, is what makes a difference.”