Survey: Businesses' security investments lessening impact of data breaches

Survey: Businesses' security investments lessening impact of data breaches
© Thinkstock

Businesses that are investing in privacy measures for their data are seeing some benefits when they do experience a hack, a new study finds.

An annual Cisco survey of 3,200 security professionals in 18 countries found that preparing for the General Data Protection Regulation (GDPR) in the European Union appeared to lessen the impact of data breaches.

Out of the professionals surveyed, only 3 percent said they didn’t believe they had to follow GDPR, which requires companies to both know how and where personal user data is handled and offer ways to protect the information.


However, the survey also found that companies that had data protection plans in place experienced some benefits in the case of a data breach.

The report found that a smaller percentage – 74 percent – of companies that experienced a data breach while being in compliance with GDPR reported being impacted by the breach.

That’s compared to the 80 percent of breached companies that were a year away from full GDPR compliance and were impacted by the event, and the 89 percent that are far from being in line with the regulations.

The study also found that 37 percent of GDPR-prepared firms lost more than $500,000 from a data breach, compared to the 64 percent of companies who were not prepared for the regulations.

“The overall message of this is that good privacy is good for business,” said Robert Waitman, a director in Cisco’s privacy office.

Customers also had more questions about how their data is being handled and kept safe, according to the survey.

Delays in making sales to customers over concerns about data privacy was a major issue for firms, with 87 percent of respondents saying they have experienced such delays. That’s up from 66 percent of respondents who said that same last year.

Eric Wenger, the head of privacy policy for Cisco, said that security officers at firms are now spending more time learning about how clients’ data is being stored, both because of GDPR and customers asking them about it.

“Once you’ve done that homework, it becomes easier to answer those questions quickly,” Wenger said.