Experian Data Breach Resolution and Ponemon Institute Find Organizations Are Not Ready for Global Security Risks and Regulations

Only 9 percent of companies are prepared for the Global Data Protection Regulation (GDPR) half don’t know where to begin

Costa Mesa, Calif., June 27, 2017 — Experian Data Breach Resolution and Ponemon Institute today released an industry study revealing that while companies generally are aware of and intimidated by global privacy and data security regulations, they fail to properly understand and address necessary organizational changes to comply.

The study, Data Protection Risks & Regulations in the Global Economy, asked more than 550 IT security and compliance professionals, involved with their companies’ global privacy and data security regulations, to weigh in on the top global security risks, as well as how prepared they feel their companies are to respond to a global data breach.

The study found that more than half (51 percent) of companies surveyed had experienced a global data breach, with nearly 56 percent experiencing more than one breach in the past five years. Yet, despite these major security intrusions, 32 percent of respondents noted that their respective companies still don’t have a response plan in place.

Unfortunately, only 30 percent of respondents said their respective C-suite executives are fully aware of the state of their companies’ compliance with global regulations. Moreover, only 38 percent of respondents agreed senior leadership views compliance with global privacy and data protection regulations as a top priority.

“Despite increasing reports of the damage caused by global data breaches, the study emphasizes that the increasing risk of, as well as the experience of going through, a global data breach isn’t enough to lead CIOs and CSOs to prioritize compliance measures in line with what is expected in the GDPR,” said Michael Bruemmer, vice president, Experian Data Breach Resolution. “More emphasis is required from companies, especially those with a multinational footprint, to get ahead of impending global regulations and risks. They can start by conducting risk assessments and investing in new technologies, such as encryption, as well as considering appointing a data protection officer to oversee compliance.”

Additional key findings from the study:

The GDPR notification requirements will be difficult to implement
• Only 9 percent of respondents reported their organization is ready to comply with the European Union’s GDPR.
• Despite acknowledging the challenges and negative effects of noncompliance with the GDPR, many respondents (59 percent) said their companies don’t understand how to comply.
• Surprisingly, 34 percent said they’re preparing for compliance by closing overseas operations in countries with a high noncompliance rate. This indicates they may not fully understand the GDPR, as it doesn’t require companies to have physical operations in the European Union to be impacted.

Companies aren’t adequately prepared to respond to a global data breach
• Almost half (49 percent) of respondents stated their existing security solutions are outdated and inadequate to comply with global regulations. In addition, only 40 percent of respondents said their organization has the right security technologies to adequately protect information assets and IT infrastructure in all overseas locations.
• Only 35 percent said their organizations could manage cultural differences or expectations around privacy and data security across all regions of the world.
• Thirty-nine percent believe their organization has the right policies and procedures in place to protect information assets and critical infrastructure in all overseas locations.

Companies fail to prioritize global regulations and remain skeptical about benefits
• Only 38 percent of respondents agreed that senior leadership views compliance with global privacy and data protection regulations as a top priority.
• Eighty-nine percent of respondents believe the GDPR will have a significant impact on their data protection practices, yet only 41 percent believe global regulations will strengthen their organization’s privacy and data protection practices.
• Seventy percent don’t believe or are unsure the more stringent notification requirements in the GDPR will benefit the victims of a data breach.

To access the full complimentary report,Data Protection Risks & Regulations in the Global Economy,visit http://www.experian.com/data-breach/2017-data-protection-risks-regulations.html

Additional data breach resources, including webinars, white papers and videos, can be found at http://www.experian.com/databreach. Read the Experian Data Breach Resolution blog at http://www.experian.com/dbblog.

About Experian Data Breach Resolution
Experian Data Breach Resolution, powered by the nation’s largest credit bureau, is a leader in helping businesses prepare for a data breach and mitigate consumer risk following breach incidents. With more than a decade of experience, Experian Data Breach Resolution has successfully serviced some of the largest and highest-profile data breaches in history. The group offers swift and effective incident management, notification, call center support and fraud-resolution services while serving millions of affected consumers with proven credit and identity protection products. In 2015, Experian Data Breach Resolution was named a market leader in the Forrester Research, Inc., report on data breach services. Experian Data BreachResolution is active with the International Association of Privacy Professionals, the Health Care Compliance Association and the Ponemon Institute RIM Council and is a founding member of the Medical Identity Fraud Alliance. For more information, visit http://www.experian.com/databreach and follow us on Twitter @Experian_DBR.


Jeanine Takala
1 206 664 7805

Mark Pepping
Experian Data Breach Resolution
1 949 567 6505

About Experian
Experian® is the world’s leading global information services company. During life’s big moments — from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers — we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

We have more than 16,000 people operating across 37 countries and every day we’re investing in new technologies, talented people and innovation to help all our clients maximize every opportunity. We are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index. 

Learn more at www.experianplc.com or visit our global content hub at our global news blog for the latest news and insights from the Group.

Experian and the Experian marks used herein are trademarks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.