GDPR is Stifling Innovation, Says Infosec Community
The impending General Data Protection Regulation (GDPR) is stifling innovation in the cybersecurity industry, according to a survey carried out by AlienVault.
The firm quizzed over 900 attendees at Infosecurity Europe in June this year, and found that 49% of respondents felt the threat of GDPR fines made them more nervous of using cloud-based apps and services.
What’s more, half of those polled also believed that GDPR could cause people to try and cover up data breaches.
AlienVault suggested concerns over the cloud could be due to a lack of cloud security know-how within organizations, with more than a quarter (28%) of those surveyed claiming the level of cloud security expertise in their companies was either ‘novice’ or ‘not very competent’. Further, 27% of respondents admitted to cutting corners with cloud security in order to reduce costs, whilst almost half (48%) either don’t have, or aren’t sure if they have, data processing agreements set up with new cloud providers – an essential part of GDPR compliance.
“Cloud security is clearly still a thorn in the side for some organizations, with IT teams still struggling to monitor their environments effectively for security threats,” said Javvad Malik, security advocate, at AlienVault. “This lack of visibility raises the question of how cloud-consuming organizations are going to cope with the requirements of GDPR if they don’t even know which apps are being used.”
In terms of ‘covering up’ data breaches, half of respondents said the 72-hour reporting rule in Article 33 of the GDPR will do more harm than good, leading companies to hide data breaches to avoid fines rather than reporting them in a timely manner. This could be because 43% of survey participants questioned whether their organization had the ability to identify and report a breach in this time period.
“Organizations with small and overstretched security teams, and limited budgets for cybersecurity, are likely to be extremely worried about the threat of GDPR fines,” Malik argued. “Set against this backdrop, it’s easy to see why some might consider trying to cover up a data breach, rather than deal with the consequences, but this could lead to far greater problems for them in the long term.”
These were sentiments echoed by André Bywater, partner at Cordery Compliance, who told Infosecurity: “It is of very serious concern that GDPR could cause people to try and cover up data breaches as this will lead to a culture of major compliance failure.”
Source: Information Security Magazine