Dive Brief:
- Only one-third of businesses are confident or very confident in their ability to handle an international data breach, according to a Ponemon Institute and Experian Data Preparedness survey of more than 1,000 professionals globally.
- In the last year, companies doubled their compliance effectiveness in breach notifications. Likewise, 54% of companies were able to comply with GDPR more broadly in 2019, compared to 36% in 2018.
- On average, organizations experienced seven breaches that required reporting under GDPR. Of U.S. respondents, 63% experienced a breach involving theft or loss of over 1,000 records of confidential data in the last two years.
Dive Insight:
Government is catching up to technology, or at least trying to. The federal government trails Europe — and California — in data privacy regulation. In February, the Data Protection Act was proposed in Congress in an effort to establish a federal watchdog.
U.S. companies are sitting in data privacy purgatory, and 67% fear they can't sustain their compliance with GDPR.
Compliance is a rolling obligation, which follows data where it travels throughout an organization. From an employee spreadsheet to a data lake, data is hardly stationary, which complicates compliance.
U.S. companies spent $82 million on compliance solutions in the last 12 months, and CFOs anticipate larger IT budgets, partly due to information management and privacy.
GDPR is only in its second year and fines have reached about $126 million. The regulation found its teeth, penalizing companies outside the tech industry, including British Airways and Marriott International.
Law firm DLA Piper said it's "unwise to assume" fines will be "low and infrequent." Instead, GDPR regulators calculate fines partly based on circumstance: Was the privacy infringement intentional or negligent? They likewise weigh whether companies had adequate security measures in place.
If a company experiences a system outage or an inappropriate security use, the incident may not require reporting to regulators. Whether a breach is reportable depends on how much it impacts a consumer's rights and freedoms. However, 35% of companies that experienced a breach don't know its cause, which could increase the chances of a recurrence.