GDPR has been in effect since May 25th, 2018. The purpose of the regulation is twofold: to enhance the privacy of information related to EU citizens and to strengthen the powers of the data protection institutions and regulators to act against any organization that breaches the new rules. But is GDPR alone the panacea for fighting cybercrime and data breaches?
The State of Cybersecurity
The statistics on cybercrime are frightening, with losses amounting to $5 trillion in 2015. Cybercrime is more profitable than the illegal drug business and constitutes the biggest transfer of economic wealth in human history. On the other hand, in 2017 organizations spent more than $87 billion on state-of-the-art technologies such as artificial intelligence, machine learning, peripheral security, and protection software and services, trying to protect themselves from cyber criminals. Were they successful?
Apparently not. There is a paradox with cybersecurity. Although organizations are investing huge amounts of money trying to secure themselves, the number and size of cyber attacks are still increasing. There’s one ransomware attack every 14 seconds, for example, and the total cost of ransomware attacks in 2017 was more than $5 billion. Finally, another factor affecting the state of cybersecurity is the growing human attack surface, which is expected to grow from 3.8 billion users in 2017 to almost 6 billion users in 2022.
GDPR and Organizations
A lot of articles and opinions have been written about what GDPR is and what it isn’t. To cut a long story short, GDPR is a strategic choice and not an operational tactic. It is about respecting your customer’s privacy and, of course, it is about respecting yourself and your reputation as an organization. Yes, it is true that failure to protect personal data can and will result in prosecution, fines and damage to reputation and (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/organizational-cybersecurity-at-the-crossroads-of-culture-gdpr/