This post was first published by Okera on their blog and is republished with permission.
Ensuring data security and privacy is hard, and there seems to be no end to the string of major hacks and breaches making headlines. Ransomware attacks on companies like JBS and Colonial Pipeline are front-page news in the United States. Only a few weeks prior, a ransomware group followed through on its threat to release personnel files of the Washington, D.C. Metropolitan Police Department. The examples are endless and unrelenting. Simply put, digital data is stolen because it’s valuable, and the global supply of data is increasing every day.
We all know and appreciate that governments at all levels have issued guidance, orders, and regulations to reduce the frequency and mitigate the severity of cyber attacks.
When the European Union issued the General Data Protection Regulation (GDPR) in 2018, it demonstrated the seriousness of data protection by imposing fines up to 4% of revenue for companies that failed to comply. Four percent is a huge number when you consider the investments companies make to reduce their tax burden. But we have all heard about companies that are not worried about fines, so we asked about it in this survey. The answers surprised us. The data indicates that many companies (73%) are indeed not worried about fines, but that doesn’t mean they’re not worried about compliance. On the contrary, respondents overwhelmingly report (94%) that compliance is an organizational priority, but their motivations appear to be focused on building trust with their customers and partners. In other words, they’re looking at compliance strategically.
Additional survey results indicate growing maturity and readiness for enterprise-scale data security. For example, all respondents have made investments to comply with data protection laws. A mere 6% report that they focused only on a single privacy regulation such as GDPR. The remainder are addressing multiple regulations, with an impressive 49% reporting a higher-level strategic approach, in which they automate and standardize enforcement across multiple laws.
Similarly, 70% report that they’re very or extremely confident that they know where all their data is. This is highly encouraging, because once companies know where their data is, they can manage it. Like everyone concerned with data security, we at Okera encourage a zero-trust approach to data access and authorization. It may be counterintuitive at first, but locking down data by default makes it easier for companies to feel confident using an automated data authorization platform like Okera to provision access to those who need it for legitimate business purposes.
We at Okera thank Corinium Intelligence for conducting this survey and for the fascinating follow-up interviews with front-line industry experts. I hope you learn from and enjoy the aha moments as much as we did.