Our latest international survey results identify human error as posing the biggest data protection risk for companies.
Against the backdrop of tightening regulation, like GDPR in Europe, and the news that 90% of security breaches start from human error rather than technology, companies are struggling with data protection laws worldwide.
And a significant 50% of companies don’t know or are uncertain about the impact that new technologies, like blockchain, the Internet of Things (IoT) and sensors, have on the management of privacy.
This is evidence of a greater need for trust and transparency in the market, especially as just one in ten companies say they are experts in data handling.
Around 1,300 companies across sectors in Asia, Europe, North America, Central and South America took part in the DNV GL survey and admitted they are finding it difficult to deal with cyberthreats, record management and the enormous amounts of data they must preserve and protect from errors.
Luca Crisciotti, CEO DNVGL – Business Assurance, explains: “Data protection is no doubt one of today's most pressing risk areas; its implications go far beyond compliance. Regulations, like GDPR, extend to the ability to satisfy legitimate customer requests for the protection of personal data, safeguard brand reputation and ensure business continuity. An adequate approach is no longer an option but a crucial business requirement. It affects companies globally and many are still struggling to master the most basic aspects of the issue.”
It was found that only companies with established processes see data protection as a means to safeguard their brand or to meet customers’ needs, while 80% approach it as a “ticket to trade.”
The regulations are complex and 40% of global firms are still struggling to know where to focus their efforts to be compliant. Overall, companies perceive data management as risky, with threats that aren’t only external or related to IT infrastructures (19%).
Low levels of legal (24%) and technical (17%) competence, and unawareness among employees (22%) and management (20%), are other main concerns. After years in which the focus was primarily on infrastructure, the spotlight is increasingly on the human role: 43% are allocating resources to staff training, placing it on the podium of priority investments together with IT security enhancement (49%) and risk assessment activities (38%).
Luca Crisciotti, CEO DNVGL-Business Assurance, added: “Robust IT security measures, together with preliminary risk analysis and the development of a corporate culture that provides for correct data handling at all levels, are fundamental to face data protection issues.
“ISO/IEC 27001 certification facilitates this process. It requires policies, roles and responsibilities to be clearly defined, technologies and information management processes put in place and staff trained.”
For 8 in 10 companies certified against ISO/IEC 27001, certification is a valid support for managing personal data protection. They say that the rewards obtained offset the most pressing risks: 51% observed increased management commitment, 44% noted higher employee engagement and 46% managed to implement appropriate technical measures.
Certified companies also claim correct and efficient data management gives them a competitive advantage (58.3%).