Organizations are still not doing enough to protect data privacy
- Published: Tuesday, 13 March 2018 09:00
Many organizations are not taking all the necessary steps to protect data privacy, according to new findings released from PwC’s 2018 Global State of Information Security Survey (GSISS).
When it comes to third parties who handle personal data of customers and employees, less than half (46 percent) conduct compliance audits to ensure they have the capacity to protect such information. And a similar number (46 percent) say their organization requires third parties to comply with their privacy policies.
The survey draws on responses of 9,500 senior business and technology executives from 122 countries.
Businesses in Europe and the Middle East generally lag behind those in Asia, North America, and South America in developing an overall information security strategy and implementing data-use governance practices.
PwC expects emerging improvements in authentication technology, including biometrics and encryption, to increasingly help business leaders build trusted networks.
PwC also expects increased pressure on industry to encrypt data for protection, which will drive related investments. Among financial sector respondents, 46 percent say they plan to increase investment in encryption this year.
Less than a third (31 percent) of 2018 GSISS respondents say their corporate board directly participates in a review of current security and privacy risks. For organizations worth more than $25 billion the figure is only slightly higher (36 percent).
Paul O'Rourke, PwC’s Asia Pacific Cybersecurity and Privacy Leader comments: “Organizations of all sizes should boost the engagement of corporate boards in the oversight of cyber and privacy risk management. Without a solid understanding of the risks, boards are not well positioned to exercise their oversight responsibilities for data protection and privacy matters.”