CIOs Admit New EU Data Protection Reforms Will Leave Them Exposed

Egress Software Technologies, a leading provider of encryption services, today announced the findings of a CIO survey, which has highlighted an alarming lack of confidence in systems designed to protect sensitive data when shared with third parties. In fact, of the CIOs surveyed, 87% admitted to being worried that their current information security policies and procedures are not only putting their company at risk, but will also leave them exposed under the new EU General Data Protection Regulation (GDPR). In addition, the survey also showed that over three-quarters of CIOs (77%) are getting frustrated that despite technology – such as encryption – being available to enable secure ways of working, employees just aren’t using them. Significantly, they believe this is creating even more risk for the business.

Summary of key findings

  • 87% are concerned their organisation might be exposed under the new EU regulation
  • 73.5% are committing to tightening up data sharing processes in response
  • Only 20% are focusing on accidental breach, despite research showing it is responsible for 93% of incidents
  • 83% admitted they would prioritise technologies based on perceived ease of deployment, rather than their ability to secure data
  • 77% are frustrated that users choose not to use the data security tools made available to them
  • 87% of these acknowledged this made their company more vulnerable

Data security priorities out of step with reality

Throughout 2015 high-profile organisations were repeatedly the focus of media attention following cyber-attacks on their customer data. Consequently, there are few surprises in board-level information security priorities on external vs internal threats to data protection, with 49% focused on external hackers and only 20% on accidental breach.

Board-level discussions on information security are also being brought into sharp focus now that the EU GDPR is looming overhead. The new legislation, due to come into force in 2018, will bring with it a mandatory notification process of 72 hours for data breach incidents and fines of up to 4% of global turnover for organisations that have put sensitive customer data at risk. Unsurprisingly, this legislation is impacting on CIOs’ priorities, with 87% of respondents concerned their organisation might be exposed under the new regulation, and 73.5% committing to tightening up data sharing processes as a result.

Egress CEO, Tony Pepper, comments: “At a board level, these results demonstrate a concerning disconnect with reality. ICO statistics demonstrate that 93% of data security breaches occur as a result of human error – that is, people making mistakes when sharing sensitive information, poor processes and systems in place, and overall lack of care when handling data. Consequently, the emphasis being placed on cyber-attacks has the potential to become a distraction for many organisations. To date, much of the private sector has not been mandated to disclose breach incidents, but that is changing. And the results show that now they could be heading for trouble.”

It’s time to face up to the real issue

When examining some of the reasons behind the prioritisation of data security solutions, the research shows that 83.5% of respondents would prioritise technologies based on perceived ease of deployment, rather than their ability to secure data. In particular, the research highlighted that issues such as potential pressures on IT helpdesks (44%), potential disruption to work processes (31.5%) and complex integrations (23%) mean there is little appetite to tackle the issue head on, and businesses remain at risk.

It is also apparent that even when technology is implemented, concerns remain for CIOs. 76.5% of respondents were frustrated that users choose not to use the tools made available to them, with 87% of these acknowledging this made their company more vulnerable.

Pepper continues: “This research is definitely a wake-up call for businesses’ priorities. Information security vendors are able to offer solutions that, for example, make email encryption as easy to use as standard mail by deploying it centrally across the enterprise and seamlessly integrating via ADFS, SAML2 or other protocols. The focus is now very much on delivering information security, but not at the expense of staff efficiency.

“Now it’s time for organisations to respond by investing in the right areas and, in doing so, tackle the heart of the problem. By procuring easily deployable technology that is simple for staff to use, not only will they gain end-user buy-in but will also protect the sensitive customer data they share. At the end of the day, this will not only help customer confidence but, by defending organisations from data breaches, will protect them from the reputational damage and large financial penalties that invariably follow a breach!”

For a copy of the full research paper, contact

Contact our PR team

Jordan Brackenbury

Public Relations Manager

Rebecca Bailey

Senior Corporate Marketing Manager

About Egress

Our mission is to eliminate the most complex cybersecurity challenge every organization faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behavior such as misdirected emails, data exfiltration, and targeted spear-phishing attacks.

Used by the world’s biggest brands, Egress is private equity backed and has offices in London, New York, and Boston.
