Intelligent CISO Issue 13 | Page 27

ONE YEAR ON, WHAT HAS BEEN THE IMPACT OF GDPR ON DATA SECURITY? N ew statistics from the Department for Digital, Culture, Media and Sport (DCMS) have shown a reduction in the percentage of businesses suffering a cyberbreach or attack in the last year. The 2019 Cyber Security Breaches Survey shows that 32% of businesses identified a cyberattack in the last 12 months, down from 43% the previous year. The reduction, the UK government says, is partly due to the introduction of tough new data laws under the Data Protection Act and the General Data Protection Regulations (GDPR). A total of 30% of businesses and 36% of charities have made changes to their cybersecurity policies and processes as a result of GDPR coming into force in May 2018. However, of those businesses that did suffer attacks, the typical median number of breaches has risen from four in 2018 to six in 2019. Therefore, businesses and charities suffering cyberattacks and breaches appear to be experiencing more attacks www.intelligentciso.com | Issue 13 It’s encouraging to see that business and charity leaders are taking cybersecurity more seriously than ever before. than in previous years. Where a breach has resulted in a loss of data or assets, the average cost of a cyberattack on a business has gone up by more than £1,000 since 2018 to £4,180. Business leaders are now being urged to do more to protect themselves against cybercrime. The most common breaches or attacks were phishing emails, followed by instances of others impersonating their organisation online, viruses or other malware including ransomware. Digital Minister Margot James said: “Following the introduction of new data protection laws in the UK it’s encouraging to see that business and charity leaders are taking cybersecurity more seriously than ever before. “However, with less than three in 10 of those companies having trained staff to deal with cyberthreats, there’s still a long way to go to make sure that organisations are better protected. “We know that tackling cyberthreats is not always at the top of business and charities list of things to do, but with the rising costs of attacks, it’s not something organisations can choose to ignore any longer.” 27