Less than a fifth of organisations are fully prepared to notify customers promptly about a data breach, a new report by Tripwire says.
Prompt notification means within 72 hours, as the upcoming GDPR states. The vast majority (73 per cent) said they were ‘somewhat prepared’ and that they would have to figure things out ‘on the fly’.
A quarter (24 per cent) would be capable of sending out notifications within 24 hours, the report added.
Tim Erlin, vice president of product management and strategy at Tripwire, believes this approach is “short-sighted”.
“When it comes to cybersecurity, it’s short-sighted to figure things out ‘on the fly,’” said Erlin. “The majority of data breaches and security incidents can be avoided by following basic security steps and implementing tried and tested foundational controls. With GDPR coming into effect this year, running a business without a fully baked plan is really asking for trouble.”
Confidence rises when companies get asked about storing customer data. More than a third think their knowledge of where the data is stored is “excellent”. When it comes to the ability to protect this data, 21 per cent said it was ‘excellent’.
The GDPR, or General Data Protection Regulation, is a new piece of legislation from the European Union which aims to regulate how businesses gather, store, protect and use EU citizens' user data. It will go into effect in late May 2018.