Almost one quarter (23%) of Irish organisations would be forced to close if they were found to be liable to fines under impending General Data Protection Regulation (GDPR) legislation, according to the results of a commissioned by specialist IT solutions distributor DataSolutions. The survey was carried out among more than 100 senior IT decision makers on behalf of DataSolutions by TechPro magazine. Additional findings from the survey will be revealed at the company’s Secure Computing Forum, taking place on Thursday, 21st September in the Aviva Stadium, Ballsbridge, Dublin 4.
Fines for companies found to be non-compliant to GDPR can be as large as €20 million or 4% of global turnover, depending on which is greater. The legislation is set to have a number of wide-ranging effects on Irish businesses. As well as those who said that they would have to cease trading, a further 10% of survey respondents said that their organisation would have to lay off several employees in order to keep trading if found liable to GDPR fines. Another 18% said that their organisation would continue to trade, albeit at a seriously reduced rate.
Despite the serious ramifications of GDPR fines, one-fifth (20%) of organisations said that GDPR compliance is not a priority for their organisation at present. The regulation is set to come into force in less than a year’s time, on 25th May 2018.
The survey shows that some Irish companies are more focused on the effects that GDPR will have, with 34% stating that their organisation has specific annual budget allocated to address the changes in regulatory compliance as a result of GDPR. In general, 2017 is set to cost companies more than last year when it comes to cybersecurity spend, with 93% of those surveyed saying that their organisation will spend more on the area than it did in 2016.
Much of this spend will be directed at boosting existing security infrastructures to defend against increasingly sophisticated cyber-attacks. When it comes to network security, the survey findings indicate that the majority of companies still employ a username and password to secure access. Just 33% of respondents replied that their organisations have adopted two-factor authentication.
Of those companies that do utilise two-factor authentication, the majority (31%) use it to secure remote access to their corporate VPN. Other use cases among survey respondents include securing access to cloud services and sensitive resources such as payroll or finance servers.
Commenting on the survey results, David Keating, security specialist, DataSolutions, said: “The results of this year’s survey outline how the changing information security environment is having a direct effect on Irish organisations. GDPR fines could have a huge impact on companies, with a significant number of those unable to pay the amounts required being forced to cease trading. To avoid fines and safeguard their futures, Irish businesses need to make achieving compliance one of their top priorities.
“As well as this, simple enhancements such as implementing two-factor authentication can dramatically improve an organisations information security standing. It’s time for organisations to realise that cybercriminals are incredibly sophisticated, and to do everything they can to stay one step ahead.”