Are businesses lacking information security compliance skills?
Technology is a double-edged sword for many businesses; innovative new systems have helped organisations drive efficiency and performance, but this has also created a number of information security and data challenges.
Regulators have been forced to keep pace with the rapid evolution of technology and the explosion of data in an effort to ensure privacy and protect confidential information.
This has made corporate governance more complex for businesses, as they must comply with a growing list of data-related regulations.
However, new research has suggested that organisations may not be fully aware of their compliance obligations, which could leave them susceptible to fines, reputational damage and financial losses.
Executive confusion over data and privacy
The 2016 State of Compliance survey from Liaison Technologies revealed more than half of C-level and senior executives aren’t sure which information security and privacy regulations apply to their businesses.
Worryingly, one-quarter of these decision-makers didn’t know who was responsible for data compliance issues, while 85 per cent said they did not feel their job security would be at risk from compliance failures.
These figures come despite multiple well-publicised data breaches at multinational organisations recently, some of which have resulted in high-profile resignations.
“What we found was rather concerning and further evidence of the strong need for comprehensive solutions that can help organisations maintain continuous compliance when handling regulated or other sensitive data, whether the data resides on premises or in the cloud,” said Hmong Vang, chief trust officer at Liaison.
Difficulties for UK businesses
The Liaison survey polled US decision-makers, but data and privacy compliance also remains a key issue for businesses in the UK.
A recent Computer Weekly roundtable suggested small and medium-sized enterprises (SMEs) in particular often struggle to understand and follow regulations.
Marcus East, chief information officer at Comic Relief, said security breaches have a “double whammy” effect, as significant reputational damage can follow the immediate financial costs.
“Sometimes top leadership doesn’t understand the issue. Whatever it costs, everyone needs to understand what the security risks are so they can decide if the cost is necessary and what the implications are if they don’t take action,” he explained.
“Just because information security is complex, you can’t bury your head in the sand.”
Data security challenges
There are numerous pieces of legislation that could apply to businesses, including the Data Protection Act and the Payment Card Industry Data Security Standard.
In fact, a 2013 Department for Business, Innovation and Skills report said the number of standards relating to cyber security exceeded 1,000 publications worldwide.
Meanwhile, the UK’s potential departure from the EU could see further disruptions in how data is regulated in the country. For example, the General Data Protection Regulation (GDPR) was officially adopted in April 2016, but it is not expected to come into effect for another two years.
This is likely to collide with the government’s proposed timetable for leaving the union, which could create confusion over whether the UK will continue to follow European regulations such as the GDPR or introduce its own laws.
A Trend Micro study from earlier this year showed 85 per cent of British businesses believe they’ll face significant challenges complying with the GDPR, and 14 per cent admitted they don’t even currently follow the Data Protection Act. So what can businesses do to prevent themselves from falling victim to compliance failures?
Becoming data ready
Clearly, information security and privacy compliance is a difficult prospect for many organisations, especially SMEs that may not have the same level of regulatory awareness as larger organisations.
However, businesses that strengthen their compliance and cyber security teams can ensure they are better prepared for any changes that occur in regulations over the coming years.
As technology continues to evolve and devices create increasing quantities of data, organisations are likely to face a growing number of standards and regulations when handling sensitive information.
Having the right systems and professionals in place to adapt quickly to this ever-changing environment could be crucial to survival as cyber attacks become more sophisticated and damaging.
Our 2016 Compensation and Market Trends Report combines our review of the prevailing conditions in the compliance recruitment market with the results of our latest employer survey.