General Data Protection Regulation

Just 6% Of FTSE 350 Companies Prepared For GDPR

The government's annual report, the Cyber Governance Health Check Report 2017, has revealed that just 6% of the UK’s FTSE 350 are completely prepared for the forthcoming introduction of the European Union General Data Protection Regulation (GDPR). This news comes as the new regulations are less than a year away.

The government research, which has been carried out every year since 2013, shows that whilst there is an upward trend in general awareness of and preparedness for major cyber incidents, only just over half of all FTSE 350 boards view cyber risk as a top risk when compared with all other risks faced by their company.

GDPR Requirements

Under the new regulations being introduced by the European Union, all organisations that process the data of European Union citizens will be required to do a number of things including:

  • Ensure that they have their customers’ consent to use their data
  • Report any data breaches to both customers and authorities within three days
  • Give customers the right to be forgotten, delete all of their data and be able to prove they have done so
  • Create an environment where businesses can easily swap their data between different providers whilst ensuring the data is erased from the old provider’s systems.


The news that just 6% of FTSE 350 companies are fully prepared for the new European Union General Data Protection Regulation could come as a surprise given the size of the fines. Under the new regulations, fines are much bigger than those that are currently in place across Europe. For data breaches, fines can be levied for up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater. For some companies, this could severely hinder their operations, and for others it could even see them go out of business.

Government Response

Commenting on the results of the survey, Minister of State for Digital, Matt Hancock, said:

“An increasing number of organisations who responded to the survey relayed the importance of cyber security in terms of the need to protect their services, reassure the public on the safety of their personal data and measure their organisation’s own exposure to cyber risk. Decisions about cyber are increasingly being taken at the board level, which reflects a significant, positive culture shift amongst FTSE 350s since the launch of the scheme.

“However, cyber maturity among FTSE 350s needs to improve at a faster rate to ensure we can stay ahead of future cyber security challenges. This year’s report shows that a small number of FTSE 350 businesses are continuing to operate without plans in place for managing cyber incidents.

“This is increasingly irresponsible. Furthermore, as we approach the deadline to introduce new regulation such as the General Data Protection Regulation, businesses should continue to prepare themselves for the responsibilities that come with these new requirements.”
