INSIGHTS / Articles

The Global Cybersecurity Impact of Europe’s GDPR

 11 Oct 2017 

Europe’s GDPR has been generating a lot of headlines, but what is it, and how does it affect organisations outside the EU? If you think the GDPR only has an impact on businesses in Europe, think again.

Identity theft is on the rise. Personal information, from credit card details to copies of passports, is precious to criminals. The 2017 Identity Fraud Study by Javelin Strategy & Research found that US$16 billion was stolen from 15.4 million U.S. consumers in 2016, compared to $15.3 billion and 13.1 million victims the year before.

Similar growth is seen in the rest of the world. According to a report from Risk Based Security, 4,149 confirmed breaches in 2016 exposed more than 4.2 billion records, approximately 3.2 billion more exposed records than in 2013, the previous record year.

The EU has been working hard to turn the tide and to harmonise privacy protections within the EU. Enter the GDPR (General Data Protection Regulation), a regulation by which Europe intends to unify and strengthen data protection for all citizens and residents of the European Union (EU).

The GDPR aims mainly to hand control over personal data back to residents and citizens of the EU. It applies to organisations handling personal data within the EU, but it also regulates the export of personal data outside the region, and it reaches organisations established anywhere in the world that offer goods or services to people in the EU or monitor their behaviour.

The countdown is towards 25 May 2018. This is when the GDPR becomes enforceable in all EU member states.

Because it is a regulation and not a directive, it applies directly and does not require national governments to pass any enabling legislation. It will be there, and there will be no way around it.

Astronomical fines under the GDPR

In 2016, the UK Information Commissioner’s Office (ICO) fined companies a total of £880,500 for infringements involving citizens’ and residents’ personal data. According to analysis by the NCC Group, the same infringements would have attracted fines of around £69m under the GDPR, which allows penalties of up to €20 million or 4% of worldwide annual turnover, whichever is higher.

The £400,000 fine that TalkTalk had to pay would be £59m under the GDPR. Fines of this size would be enough to put most companies out of business.

The goal of these fines is to incentivise better cybersecurity, and it has got the attention of many boards of EU organisations. But what is the possible impact on non-EU organisations?

Regulatory conflicts

Various non-EU practices, laws and regulations conflict with the GDPR. Think of the surveillance laws passed in many Anglo-Saxon (Five Eyes) countries.

Where such laws give authorities access to data in ways the GDPR does not permit, they can bar organisations subject to that legislation from storing or processing information on EU residents. One way around this is to set up shop within the EU, but depending on the size of the company and its dependence on EU trade, this may not be a viable option for most companies.

Cross-border data transfers for global organisations

If you run a large social network or a global e-commerce site, you collect and process a lot of information about your members. The GDPR restricts transfers of that personal data out of the EU: synchronising it to data centres elsewhere on the planet is only lawful where the destination country has been recognised as providing adequate protection or appropriate safeguards, such as standard contractual clauses or binding corporate rules, are in place.

This requirement will have a major impact on the architecture of such systems, since where data is replicated and which stores hold EU residents’ data become compliance decisions, and attaining compliance will require large investments. Should a cybersecurity incident occur, non-compliance could lead to the astronomical fines mentioned above.

Impact of EU cybersecurity budgets on non-EU organisations

One impact on non-EU companies comes from the “lowest hanging fruit” principle: burglars go for the easy targets first. Once the EU has relatively strong defences in place due to the GDPR, cybercriminals will flock to easier targets outside the EU.

Putting these defences in place, monitoring them and responding appropriately to security incidents requires a sizeable workforce. Many skilled cybersecurity professionals are needed for this, and there is already a serious shortage of cybersecurity professionals across the globe, estimated to reach two million by 2019.

Higher security budgets in the EU will push wages up as well. This is expected to attract a lot of cybersecurity talent to the EU, depriving non-EU countries of these valuable resources.

The future

The GDPR has a major impact across the globe. International trade will be affected, and cybercriminals will move their activities to easier targets.

To level the playing field, the GDPR is likely to encourage other nations to draft similar regulations within the next few years. To avoid falling victim to cybercriminals, non-EU organisations will need to put cybersecurity high on the agenda.

The risks associated with system vulnerabilities are substantial. Instead of waiting for your information to be exploited, your systems corrupted and your brand damaged, you can take the initiative and protect yourself.

We can provide you with in-depth reports on the weaknesses that attackers could exploit in your specific systems. With this insight, we can then help you secure your systems in the areas of development, use and infrastructure.

Visit our Security Testing section to find out how we can close these loopholes for you.

Ferdinand Hagethorn

Director - Security Services
