Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/24/2019
05:05 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms

Many organizations find that getting their data privacy house in order is paying off.

It's been less than a year since the General Data Protection Regulation (GDPR) officially took effect, but a new study already shows that organizations that invested in data privacy to meet GDPR guidelines suffered fewer data breaches in the past year.

Cisco Systems' new Data Privacy Benchmark Study, based on data from 3,200 security professionals worldwide, found that nearly 60% of organizations have met most or all GDPR requirements, and close to 30% expect to do so within a year. GDPR, which became enforceable on May 28, 2018, provides a standard data privacy law for the European Union, imposing stricter rules on the control and use of personally identifiable information as well as giving users more control over their data.

The most GDPR-ready organizations suffered fewer data breaches in the last year (74%) than organizations that aren't as far along in their data privacy efforts, according to the study. Eighty percent of organizations less than a year from GDPR compliance were hit with a data breach, and nearly 90% of those who don't expect to be GDPR-ready for more than a year experienced data breaches.

GDPR readiness also helped minimize the number of data records exposed as well as the resulting costs: The firms that were readier had 79,000 files exposed, versus 212,000 in orgs less mature in their data privacy efforts. While 64% of the not-ready-for-GDPR firms lost more than $500,000 last year in data breach costs, just 37% of the GDPR-ready ones experienced that level of costs.

The European Union's regulation — which affects multinational firms worldwide — has been heating up of late: France's data privacy agency earlier this week fined Google some $57 million in penalties for failing to disclose how it gathers and uses personal information of users. This is the first major fine for a US tech company under the new privacy law.

Robert Waitman, director of data privacy at Cisco, says his firm's study also found that data privacy investments are helping to shorten sales cycles. "The length of delay has been cut in half now, which was surprising," he says. "It's shrunk so significantly because they are more experienced in answering companies' data privacy questions."

GDPR has its trade-offs, notes Waitman, but it's already making a difference with improved data privacy. "Reflected in the data [in this report] are these tangential benefits of getting your data house in order," he says.

Christian Vezina, CISO at OneSpan, says GDPR has upped the ante for due diligence of third parties when it comes to data privacy.

"Privacy is starting to be an important part of standard vendor assessment processes," Vezina says. "Service organizations having a higher level of privacy maturity will benefit from a shortened sales cycle, as they will be in a position not only to demonstrate their compliance, but to assist their customers in meeting their own compliance obligations."

Related Content:

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/30/2019 | 11:22:30 PM
Re: GDPR compliance
@Kelly: Well, to look at the other side of things, what's the total cost of compliance in each case? And how many years down the road will the ROI be realized?

Compare the recent Google fine of fifty-something million dollars. They probably have that much in the company swear jar.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/30/2019 | 11:19:48 PM
Re: GDPR compliance
Well, trust me, a lot of the EU DPAs weren't exactly sitting on their laurels when it came to enforcement/policing.

It's more an issue of the difference between the EU's approach to these matters and the US's approach to these matters (the latter being much more laissez-faire by comparison).
Dr.T
100%
0%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:05:29 AM
Re: GDPR compliance
Seriously! All the angst seems to be replaced by some pretty good outcomes for those who comply, according to this new data. Yes it seems so but but I expect that being charging while we gain more experience. Big companies will find loopholes quite easily.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:04:06 AM
Re: GDPR compliance
Things might level out *slightly* in the next, say, 3-5 years, but it appears that all that hype was good for something. Makes sense. Companies will start firing back and try to win cases in the courts unfortunately.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:03:08 AM
Re: GDPR compliance
lot of organizations to do more than "check-the-box compliance" (which is what usually happens). This is really true. Most of the time showing that the box is checked is enough for many organizations.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:02:05 AM
Re: GDPR compliance
GDPR is the rare data-stewardship regulation I think one reason for that is it just not a regulation but the one that is enforced.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:00:08 AM
New study
a new study already shows that organizations that invested in data privacy to meet GDPR guidelines suffered fewer data breaches in the past year Positive results of a regulation? This certainly rarely happens. :-))
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
1/24/2019 | 6:06:10 PM
Re: GDPR compliance
Seriously! All the angst seems to be replaced by some pretty good outcomes for those who comply, according to this new data.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/24/2019 | 5:42:04 PM
GDPR compliance
GDPR is the rare data-stewardship regulation that (1) caused so much panic and (2) was so in-depth and broadly encompassing that it compelled a lot of organizations to do more than "check-the-box compliance" (which is what usually happens).

Things might level out *slightly* in the next, say, 3-5 years, but it appears that all that hype was good for something.
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .