Cybersecurity Investments Are Paying Off For GDPR-Ready Firms

Cybersecurity can seem an overwhelming challenge to organizations, given that the pace of cyber-attackers’ evolution seems to force cybersecurity solution providers into a perpetual game of catch-up. The cat-and-mouse game is expensive, too: data from Gartner released last year predict businesses will spend $124 billion this year on cybersecurity, a 9 percent increase from 2018 spend levels.

Much of that spend (nearly one-third, by Gartner accounts) will go toward investment in consulting and implementation services as companies seek guidance for changing cybersecurity regulations like GDPR in Europe.

Less than half of IT professionals in the U.S. and Europe told Bitdefender in a separate survey that their budgets are large enough to accommodate the security their infrastructure calls for. The latest research from Cisco on the topic suggests executives may want to loosen the purse strings when it comes to cybersecurity investment, because the spend is paying off — including in ways beyond regulatory compliance.

In its 2019 Data Privacy Benchmark Study, published last week, Cisco found that the combination of security best practices and investment in cybersecurity technology correlates to a lessened impact from data breaches. The company surveyed more than 3,200 enterprise security and privacy executives across 18 countries and found that businesses that are ready for GDPR compliance also show lower data breach incident rates, fewer internal records impacted by a data breach and shorter downtime of systems.

Cisco also found that GDPR-compliant businesses were less likely to suffer a financial loss as a result of a data breach.

Three-quarters of professionals told researchers that they are realizing benefits from their cybersecurity and data protection investments that go beyond GDPR compliance, including “greater agility and innovation resulting from having appropriate data controls, gaining competitive advantage, and improved operational efficiency from having data organized and catalogued.”

Organizations’ sales cycles are also facing the effects of heightened data security requirements, with the majority of professionals (87 percent) reporting that their sales cycles have faced delays because of customers’ privacy concerns — a 21 percent increase from last year. Cisco warned that the longer the delay, the greater the likelihood that the sale will be lost as a potential customer turns to a competitor.

Businesses cite customer requests for their privacy needs, providing understandable privacy information, customer privacy education and product redesign to meet customer privacy needs as the biggest delayers of sales. But for companies that are GDPR-ready, sales delays were significantly shorter — 3.4 weeks, compared to 5.4 weeks for companies that are least prepared for GDPR.

“This past year, privacy and data protection importance increased dramatically,” said Cisco Chief Privacy Officer Michelle Dennedy in a statement announcing the survey results. “Data is the new currency, and as the market shifts, we see organizations realizing real business benefits from their investments in protecting their data.”

While GDPR compliance and protection against data breaches remain top focuses for organizations that do business in Europe, another recent report reveals businesses will continue to face the rising threat of phishing attacks this year, with instances of such attacks steadily climbing through 2018.

Data from Proofpoint, as detailed in a recent Health Net Security report, found 83 percent of the 15,000 cybersecurity professionals surveyed said they had experienced a phishing attack last year, a 76 percent increase from 2017 levels.

The research points to investments in cybersecurity training as another area that appears to be paying off for organizations: 60 percent of survey respondents said they saw an increase in employee detection of phishing attacks following awareness training.

“Email is the top cyberattack vector, and today’s cybercriminals are persistently targeting high-value individuals who have privileged access or handle sensitive data within an organization,” said Joe Ferrara, general manager of Security Awareness Training for Proofpoint, in a statement. “As these threats grow in scope and sophistication, it is critical that organizations prioritize security awareness training to educate employees about cybersecurity best practices and establish a people-centric strategy to defend against threat actors’ unwavering focus on compromising end users.”