An overwhelming number of UK CIOs from financial services firms are not prepared for the EU General Data Protection Regulation (GDPR), according to a report published by Egress Software Technologies.
The survey revealed that 84% of the respondents admitted concerns that their current information security policies and their procedures are not sufficient to comply with the new regulation.
Nearly three-quarters (74%) of the respondents said they intend to tighten up data sharing processes as a result.
The study found that the majority of financial services firms are frustrated that even when technology such as encryption is made available to enable secure ways of working, employees aren’t using it.
The report also revealed that merely 16% of boards in financial services firms are prioritising accidental breaches, with 42% emphasising external hackers and 30% malicious insiders.
The recently ratified EU GDPR legislation, due to come into effect in 2018, will include a mandatory notification clause – forcing companies to report data breaches within 72 hours. Companies will face heavy financial penalties of up to EUR20m or 4% of annual worldwide turnover, whichever is greater.
Despite this, the report says, only 16% of financial services organisations have confidence in their current data security processes and procedures.
Furthermore, 78% of CIOs are frustrated that users avoid the tools provided to share information securely, with 85% believing this lack of cooperation from users is increasing their risk of data breach, the report added.
Egress CEO Tony Pepper comments: “The news of Brexit will not change this: it is likely that organisations will still be subject to EU regulation for some time until the official leave date, while the ICO may prefer to retain the GDPR as the UK’s rigorous data protection standard rather than creating an entirely new one from scratch.
“While it is critical for firms to have strong defences to stop external hackers, this should not come at the expense of protecting against the very real threat posed by human error. By enforcing mandatory reporting of data breaches, the GDPR is going to shine a light on many misdemeanours that might have otherwise been brushed under the carpet, so it could prove very costly if organisations don’t act now and reorganise their priorities.”