British firms still don't have cyber resiliency plans in place, despite GDPR

(Image credit: Evannovostro / Shutterstock)

Most IT decision makers expect a serious cybersecurity incident at their company, yet they’re not doing much about it, despite it being a central part of GDPR.

The latest report from Vanson Bourne says 51 per cent of IT decision-makers see a negative business impact from an email-borne cyberattack as an ‘inevitability’, yet 52 per cent don’t have a cyber-resilience strategy set up. At the same time, businesses see data as incredibly important, and consider it ‘the single greatest loss following an email-based impersonation attack’.

Of those that do have a cyber-resilience strategy set up, roughly a third (37 per cent) have archiving and e-discovery included.

Vanson Bourne’s report says email security and compliance best practices need to start from the top, down to ‘every single employee’. Training is considered ‘critical’. Yet, slightly more than half (57 per cent) of UK employees say their company offers training sessions.

“Email can be a powerful business tool. But if it isn’t considered as part of an organisation’s core security strategy, it can become a major vulnerability,” commented Marc French, Chief Trust Officer at Mimecast.

“Despite GDPR being in place, many businesses still do not realise the magnitude of personal information that can be hidden within email systems. With ever-growing archives there is a near-certain chance businesses are holding on to sensitive personal data as defined by GDPR. With email the number one vector of choice for hackers looking to infiltrate corporate systems, this is a fundamental security flaw.”
