Three years down the line and it seems companies are still struggling to get to grips with GDPR, with new figures claiming that fewer than half (42%) of firms that have fallen victim to a data breach have reported it to the Information Commissioner’s Office.
A new report from cybersecurity firm CrowdStrike, based on a poll of 500 decision-makers in the UK, found that the number of reported breaches rose in the past 36 months, but many firms still chose to keep them under their hats.
The report also highlights how UK decision-makers feel about their organisation’s cybersecurity posture. Almost half (46%) believe their business is a target, and two-thirds (67%) consider themselves prepared for the aftermath. Meanwhile, about a third (36%) have specific protocols prepared, in case of a breach.
CrowdStrike claims most businesses either do not know or underestimate how much they could be fined for a breach of GDPR. Although the ICO has hardly been handing out fines willy-nilly for breaches of the regulation, its £20m penalty against British Airways remains one of the biggest across Europe. Bizarrely, some companies do not even think GDPR still applies in the UK since Brexit.
Not that the findings are without precedent; back in 2019, a report by nCipher Security revealed that three-fifths (61%) of tech leaders in the UK said they would gladly cover up a data breach if they could escape fines. C-level executives were even more eager, with nearly three-quarters (71%) of them claiming they would happily keep quiet to avoid regulatory action.
This is despite the fact that in 2018 Uber was whacked with fines of more than £900,000 by UK and Dutch regulators for showing “complete disregard” for the personal information of both customers and drivers after it covered up a 2016 hack attack for over a year.