Arraya Insights | February 18, 2019
Estimates vary as to how many organizations globally consider themselves compliant with the European Union’s General Data Protection Regulation (GDPR). One thing is for sure: organizations that have yet to cross that line have plenty of motivation to do so soon. Just last month, Google became the first major tech company dinged under GDPR. The CNIL, France’s independent data privacy regulatory body, hit Google with a roughly $57 million fine for failing to keep customers informed about how their data is used or to provide sufficient clarity into the company’s data consent policies. When it comes to achieving GDPR compliance, however, the benefits go beyond avoiding fines.
In the first entry of its 2019 Cyber Security Series – entitled Maximizing the value of your data privacy investments – Cisco argued data privacy spend has paid off in numerous, and even unexpected, ways. These perks are not unique to GDPR compliance. They are a byproduct of investing in the people, processes and tools needed for smarter, more secure data stores.
Here are three of the more surprising ways in which organizations have benefited from their data privacy spend.
Benefit #1: Shorter sales cycles
Maybe it’s the steady march of high-profile data breaches, but customers appear to be homing in on security. In Cisco’s study, almost 9-in-10 (87%) participants reported experiencing sales delays stemming from customer data privacy concerns. In the 2017 version of the study, just 66% of organizations reported that same hesitation.
Here’s the thing: organizations able to demonstrate a higher degree of GDPR preparedness actually experienced shorter delays. Those currently ready for GDPR saw delays of 3.4 weeks. Among organizations roughly a year out from GDPR-readiness, delays went up to 4.5 weeks. For those more than a year away? Try an average of 5.4 weeks.
Product or service quality will always be important to the sales process. Still, it clearly doesn’t hurt to be able to quickly demonstrate a data privacy-centric mindset.
Benefit #2: Lower impact security incidents
As far as data breaches go, there was good news in 2018 and there was bad news. On the positive side of things, the total number of breaches decreased by 23% last year according to the Identity Theft Resource Center. Now for the bad news: Attackers managed to steal 447 million total consumer records in 2018, an increase of 126%. So, even though the bad guys won less, when they did, they won big.
Cisco’s research also looked at the impact of GDPR preparedness on incident severity. It found organizations that consider themselves GDPR-ready reported having an average of 79,000 records impacted by a data breach. Compare that to 100,000 for organizations less than a year out and 212,000 for companies more than a year away.
Furthermore, GDPR-ready companies suffered an average of 6.4 weeks of downtime due to incidents and just 37% of those organizations faced a loss of $500K or more. In both instances, those figures increase dramatically as GDPR-readiness decreases. Businesses more than a year away saw an average of 9.4 weeks of downtime and 64% faced a loss equal to or greater than $500K.
As Tom Clerici, our Cyber Security Practice Director, likes to point out, compliance and security don’t always travel hand-in-hand. That doesn’t mean they’re total strangers either. An increased awareness of – and willingness to invest in – security concerns can pay off.
Benefit #3: Fewer data breaches overall
There’s no such thing as a cyber security silver bullet. Even organizations that make all the right moves can have their efforts undone by a moment of human error. Organizations that have prioritized GDPR readiness have at least taken steps to reduce the likelihood of an incident, according to Cisco’s findings.
The organization’s researchers noted that the probability of a GDPR-compliant organization suffering a data breach sat at 74%. That’s not bad when compared to less-ready businesses. Companies less than a year out have an 80% probability of suffering a breach while those more than a year out have an 89% chance.
Given the harder-to-quantify risks of a data breach, such as a loss of customer confidence, any chance to reduce the likelihood of an attack seems worth looking into.
Next Steps: Achieving GDPR compliance and true data security
If your organization is still working toward GDPR compliance, or is unsure of how to get there, don’t worry, you’re not alone. Given the risks – fines for non-compliance with GDPR can go as high as 4% of annual global turnover or $20 million – the sooner you reach that goal, the better. Arraya has the tools and expertise needed to help your organization get in step with GDPR.
Our Cyber Security team can perform a comprehensive GDPR Preparedness Workshop. This two-hour engagement will help determine if your company falls under its widening regulatory umbrella, identify regulatory shortfalls, and recommend improvements to boost not only compliance, but cyber security postures as a whole. Visit https://www.arrayasolutions.com/contact-us/ to schedule your session now or to connect with our Cyber Security team.
As always, feel free to leave us a comment on this or any of our blogs through social media. Arraya can be found on LinkedIn, Twitter, and Facebook. Remember to follow us to stay up to date on our industry insights and unique IT learning opportunities.