Almost a quarter of UK and German businesses (23%) believe the GDPR may have resulted in a greater risk of data breaches, six months after the legislation was introduced.
The findings come from a new survey by Thales eSecurity which polled 1000 combined UK and German business executives and 2000 consumers to better understand attitudes to the sweeping data protection legislation.
“I think there are three main reasons businesses might feel more vulnerable as a result of the regulation. The first is that due to the complexity of the GDPR, organizations lack a solid understanding of how to confidentially protect all data appropriately,” solutions marketing manager, Jim DeLorenzo, told Infosecurity.
In fact, nearly a third (30%) of the CEOs, CIOs and CISOs interviewed felt that the introduction of the GDPR had led to increased complexity, with 40% of UK firms forced to seek guidance from the ICO in the first six months.
“Secondly, organizations may find that GDPR creates an internal distraction that draws resources away from other security activities, potentially resulting in an area of exposure,” he continued. “And finally, they may even think hackers will be more inclined to target businesses, due to the severe penalties faced by organizations who become victims of attacks.”
Trend Micro has warned in the past about the potential for hackers to target businesses concerned about the financial implications of reporting a major attack. Back in February it claimed that attackers could look to steal data and threaten to go public unless they receive a pay-out, calculated to be less than the approximate GDPR penalty.
However, with businesses still waiting to see how strictly regulators enforce the legislation, it’s unclear what these penalties would be. German chat app Knuddels became the country’s first business to be handed a fine this week.
Thales eSecurity also found rising consumer expectations about how personal data is managed.
The vast majority (86%) of respondents said they would consider switching from a company to a rival if it suffered a breach, with 69% claiming they’d also consider starting legal action against a firm found to have broken the GDPR.
The legislation has also changed the way companies interact with third parties: 14% said it had created a negative impact on their international partnerships while 38% admitted being forced to completely change their security policies for contractors and vendors.