Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/24/2019
05:05 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms

Many organizations find that getting their data privacy house in order is paying off.

It's been less than a year since the General Data Protection Regulation (GDPR) officially took effect, but a new study already shows that organizations that invested in data privacy to meet GDPR guidelines suffered fewer data breaches in the past year.

Cisco Systems' new Data Privacy Benchmark Study, based on data from 3,200 security professionals worldwide, found that nearly 60% of organizations have met most or all GDPR requirements, and close to 30% expect to do so within a year. GDPR, which became enforceable on May 28, 2018, provides a standard data privacy law for the European Union, imposing stricter rules on the control and use of personally identifiable information as well as giving users more control over their data.

The most GDPR-ready organizations suffered fewer data breaches in the last year (74%) than organizations that aren't as far along in their data privacy efforts, according to the study. Eighty percent of organizations less than a year from GDPR compliance were hit with a data breach, and nearly 90% of those who don't expect to be GDPR-ready for more than a year experienced data breaches.

GDPR readiness also helped minimize the number of data records exposed as well as the resulting costs: The firms that were readier had 79,000 files exposed, versus 212,000 in orgs less mature in their data privacy efforts. While 64% of the not-ready-for-GDPR firms lost more than $500,000 last year in data breach costs, just 37% of the GDPR-ready ones experienced that level of costs.

The European Union's regulation — which affects multinational firms worldwide — has been heating up of late: France's data privacy agency earlier this week fined Google some $57 million in penalties for failing to disclose how it gathers and uses personal information of users. This is the first major fine for a US tech company under the new privacy law.

Robert Waitman, director of data privacy at Cisco, says his firm's study also found that data privacy investments are helping to shorten sales cycles. "The length of delay has been cut in half now, which was surprising," he says. "It's shrunk so significantly because they are more experienced in answering companies' data privacy questions."

GDPR has its trade-offs, notes Waitman, but it's already making a difference with improved data privacy. "Reflected in the data [in this report] are these tangential benefits of getting your data house in order," he says.

Christian Vezina, CISO at OneSpan, says GDPR has upped the ante for due diligence of third parties when it comes to data privacy.

"Privacy is starting to be an important part of standard vendor assessment processes," Vezina says. "Service organizations having a higher level of privacy maturity will benefit from a shortened sales cycle, as they will be in a position not only to demonstrate their compliance, but to assist their customers in meeting their own compliance obligations."

Related Content:

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/30/2019 | 11:22:30 PM
Re: GDPR compliance
@Kelly: Well, to look at the other side of things, what's the total cost of compliance in each case? And how many years down the road will the ROI be realized?

Compare the recent Google fine of fifty-something million dollars. They probably have that much in the company swear jar.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/30/2019 | 11:19:48 PM
Re: GDPR compliance
Well, trust me, a lot of the EU DPAs weren't exactly sitting on their laurels when it came to enforcement/policing.

It's more an issue of the difference between the EU's approach to these matters and the US's approach to these matters (the latter being much more laissez-faire by comparison).
Dr.T
100%
0%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:05:29 AM
Re: GDPR compliance
Seriously! All the angst seems to be replaced by some pretty good outcomes for those who comply, according to this new data. Yes it seems so but but I expect that being charging while we gain more experience. Big companies will find loopholes quite easily.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:04:06 AM
Re: GDPR compliance
Things might level out *slightly* in the next, say, 3-5 years, but it appears that all that hype was good for something. Makes sense. Companies will start firing back and try to win cases in the courts unfortunately.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:03:08 AM
Re: GDPR compliance
lot of organizations to do more than "check-the-box compliance" (which is what usually happens). This is really true. Most of the time showing that the box is checked is enough for many organizations.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:02:05 AM
Re: GDPR compliance
GDPR is the rare data-stewardship regulation I think one reason for that is it just not a regulation but the one that is enforced.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:00:08 AM
New study
a new study already shows that organizations that invested in data privacy to meet GDPR guidelines suffered fewer data breaches in the past year Positive results of a regulation? This certainly rarely happens. :-))
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
1/24/2019 | 6:06:10 PM
Re: GDPR compliance
Seriously! All the angst seems to be replaced by some pretty good outcomes for those who comply, according to this new data.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/24/2019 | 5:42:04 PM
GDPR compliance
GDPR is the rare data-stewardship regulation that (1) caused so much panic and (2) was so in-depth and broadly encompassing that it compelled a lot of organizations to do more than "check-the-box compliance" (which is what usually happens).

Things might level out *slightly* in the next, say, 3-5 years, but it appears that all that hype was good for something.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15138
PUBLISHED: 2020-08-07
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin...
CVE-2020-9490
PUBLISHED: 2020-08-07
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerab...
CVE-2020-11852
PUBLISHED: 2020-08-07
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syste...
CVE-2020-11984
PUBLISHED: 2020-08-07
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11985
PUBLISHED: 2020-08-07
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...