By Pádraig Hoare
Two in five Irish chief executives are not addressing cyber breaches, a global report into data privacy protection has found.
The survey by PwC of 9,500 chief executives in more than 120 countries found just half have an accurate inventory of employee and customer personal data.
PwC’s latest Irish chief executive survey found almost nine out of 10 Irish CEOs are concerned about cyber threats, but 40% are not addressing security breaches.
Less than half of bosses globally conduct compliance audits of third parties who handle customer and employee data, or plan to boost investment in this area in 2018. Less than a third (31%) say corporate board members directly participate in a review of current security and privacy risks.
Only one in three had started a general data protection regulation (GDPR) assessment at the beginning of 2018.
The GDPR was ratified in 2016 following four years of negotiation, replacing the existing directive on data protection.
Unlike an EU directive, which can be implemented over a certain time, the regulation will be made law once it begins in May, meaning penalties can be imposed from day one.
The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. It not only applies to organisations within the EU but also to firms that do business inside member states.
If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.
PwC Ireland cyber leader Pat Moran said the survey’s findings were worrying.
“GDPR is just around the corner and it is disappointing that the survey suggests that organisations are not doing enough to protect data privacy.
“Using data in more innovative ways opens the door to both more opportunities and more risks. In our experience, there are few companies building cyber and privacy risk management into their digital transformation.
“Understanding the most common risks, including lack of awareness about data collection and retention activities, is a starting point for developing a data-use governance framework,” he said.
Overall, businesses in Europe lag behind their North American counterparts in developing an overall information security strategy, said PwC.