Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/24/2019
05:05 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms

Many organizations find that getting their data privacy house in order is paying off.

It's been less than a year since the General Data Protection Regulation (GDPR) officially took effect, but a new study already shows that organizations that invested in data privacy to meet GDPR guidelines suffered fewer data breaches in the past year.

Cisco Systems' new Data Privacy Benchmark Study, based on data from 3,200 security professionals worldwide, found that nearly 60% of organizations have met most or all GDPR requirements, and close to 30% expect to do so within a year. GDPR, which became enforceable on May 28, 2018, provides a standard data privacy law for the European Union, imposing stricter rules on the control and use of personally identifiable information as well as giving users more control over their data.

The most GDPR-ready organizations suffered fewer data breaches in the last year (74%) than organizations that aren't as far along in their data privacy efforts, according to the study. Eighty percent of organizations less than a year from GDPR compliance were hit with a data breach, and nearly 90% of those who don't expect to be GDPR-ready for more than a year experienced data breaches.

GDPR readiness also helped minimize the number of data records exposed as well as the resulting costs: The firms that were readier had 79,000 files exposed, versus 212,000 in orgs less mature in their data privacy efforts. While 64% of the not-ready-for-GDPR firms lost more than $500,000 last year in data breach costs, just 37% of the GDPR-ready ones experienced that level of costs.

The European Union's regulation — which affects multinational firms worldwide — has been heating up of late: France's data privacy agency earlier this week fined Google some $57 million in penalties for failing to disclose how it gathers and uses personal information of users. This is the first major fine for a US tech company under the new privacy law.

Robert Waitman, director of data privacy at Cisco, says his firm's study also found that data privacy investments are helping to shorten sales cycles. "The length of delay has been cut in half now, which was surprising," he says. "It's shrunk so significantly because they are more experienced in answering companies' data privacy questions."

GDPR has its trade-offs, notes Waitman, but it's already making a difference with improved data privacy. "Reflected in the data [in this report] are these tangential benefits of getting your data house in order," he says.

Christian Vezina, CISO at OneSpan, says GDPR has upped the ante for due diligence of third parties when it comes to data privacy.

"Privacy is starting to be an important part of standard vendor assessment processes," Vezina says. "Service organizations having a higher level of privacy maturity will benefit from a shortened sales cycle, as they will be in a position not only to demonstrate their compliance, but to assist their customers in meeting their own compliance obligations."

Related Content:

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/30/2019 | 11:22:30 PM
Re: GDPR compliance
@Kelly: Well, to look at the other side of things, what's the total cost of compliance in each case? And how many years down the road will the ROI be realized?

Compare the recent Google fine of fifty-something million dollars. They probably have that much in the company swear jar.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/30/2019 | 11:19:48 PM
Re: GDPR compliance
Well, trust me, a lot of the EU DPAs weren't exactly sitting on their laurels when it came to enforcement/policing.

It's more an issue of the difference between the EU's approach to these matters and the US's approach to these matters (the latter being much more laissez-faire by comparison).
Dr.T
100%
0%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:05:29 AM
Re: GDPR compliance
Seriously! All the angst seems to be replaced by some pretty good outcomes for those who comply, according to this new data. Yes it seems so but but I expect that being charging while we gain more experience. Big companies will find loopholes quite easily.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:04:06 AM
Re: GDPR compliance
Things might level out *slightly* in the next, say, 3-5 years, but it appears that all that hype was good for something. Makes sense. Companies will start firing back and try to win cases in the courts unfortunately.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:03:08 AM
Re: GDPR compliance
lot of organizations to do more than "check-the-box compliance" (which is what usually happens). This is really true. Most of the time showing that the box is checked is enough for many organizations.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:02:05 AM
Re: GDPR compliance
GDPR is the rare data-stewardship regulation I think one reason for that is it just not a regulation but the one that is enforced.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2019 | 11:00:08 AM
New study
a new study already shows that organizations that invested in data privacy to meet GDPR guidelines suffered fewer data breaches in the past year Positive results of a regulation? This certainly rarely happens. :-))
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
1/24/2019 | 6:06:10 PM
Re: GDPR compliance
Seriously! All the angst seems to be replaced by some pretty good outcomes for those who comply, according to this new data.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/24/2019 | 5:42:04 PM
GDPR compliance
GDPR is the rare data-stewardship regulation that (1) caused so much panic and (2) was so in-depth and broadly encompassing that it compelled a lot of organizations to do more than "check-the-box compliance" (which is what usually happens).

Things might level out *slightly* in the next, say, 3-5 years, but it appears that all that hype was good for something.
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.