BSI Study: One in Six European Companies Unprepared for GDPR Breach

The British Standards Institution (BSI) has released the results of a study showing that one in six European businesses are not sufficiently ready to face the threat of a data breach.

This is particularly worrying as the European Union’s General Data Protection Regulation (GDPR) became enforceable on May 25 this year. Under the new regulation, companies face fines of €20m or 4 per cent of annual global revenue, whichever figure is higher.

BSI Group is the national standards body of the United Kingdom. It produces technical standards on a wide range of products and services, and provides certification and standards-related services to businesses.

The report showed that 73 per cent of groups who participated in the BSI research were ‘concerned about cybersecurity and were seeking solutions’. However, one in six groups told the researchers that they had no plan in place to address a data breach. 33 per cent said they were not currently completing cybersecurity testing, while 59 per cent said they were engaging in end-user security awareness programmes.

Stephen O’Boyle, Global Head of Cybersecurity and Information Resilience Services at BSI, released a statement in relation to the results of the report saying: “Training and education is essential when it comes to achieving information resilience and it’s reassuring to see that organizations are actively implementing awareness programmes in the workplace. However, being proactive about cybersecurity is a company’s best defence and it is unfortunate to see that one in six organizations are unprepared for a breach and that over a third of companies aren’t partaking in cybersecurity testing within their organization.”

He went on to say: “The increase in imminent malware threats, the importance of complying with new data protection regulations, the treatment of Shadow IT, and the advances in social engineering have been at the forefront this year. At BSI, we work with organizations to implement tailored plans that incorporate training at all levels of an organization, from senior executives to junior employees, as well as cybersecurity testing services to identify and address any weaknesses. The cyber landscape is evolving, and organizations need to ensure that they are prepared so that they can remain resilient in protecting their information, people and reputation, both now and in the future.”

GDPR was adopted by the European Parliament on April 14, 2016. Companies, organizations, groups and firms doing business within the European Union and managing the private data of European Union residents were given until May 25, 2018 to put in place the processes and systems needed to comply with the new legislation.