Tech firms are still ill-prepared for GDPR, says Trend Micro

Security firm says a lack of funds and appropriate tools are to blame

Only half of the world's technology businesses have increased spending on cybersecurity solutions to comply with GDPR.

That's according to a survey carried out by Trend Micro, which shows that the majority of tech firms are still unprepared for the new European data protection law, which is set to come into force in May.

After surveying more than 1,000 IT leaders across Europe, Trend Micro found that IT teams have been pressuring their managers to plough more money into security measures. But they do not seem to be listening.

Just 51 per cent of surveyed companies have made investments into security products to prepare for GDPR, although 25 per cent of them complained about a lack of sufficient protection and data security.

Less than a third of companies (31 per cent) have set aside money for encryption measures, despite the fact that they are an important requirement of GDPR. And only 33 per cent of firms have invested in data loss prevention systems.

Another minority (34 per cent ) of firms revealed that they have purchased advanced technologies to track network attackers, while less than two-thirds of organisations (63 per cent) have integrated breach notification systems for customers.

A quarter of companies (25 per cent) said that limited resources have made it harder to comply with the regulation, with the research revealing that just 37 per cent of firms have trained staff on these changes.

Firms are also ill-prepared to notify regulators and customers about a breach within the 72-hour timeframe. A mere 21 per cent of respondents have processes in place to alert the data protection authority.

Trend Micro explained that Article 34 of the GDPR makes it clear that "individuals must also be notified if a breach results in a high risk to their rights and freedoms".

Worryingly, six per cent of companies do not have a notification process entirely, and 11 per cent of business leaders were unaware if one exists at their firm.

However, 77 per cent of respondents said they have processes in place to address personal data requests, but these only cover internal handling.

Bharat Mistry, principal strategist at Trend Micro, said these findings paint a dire picture of the cybersecurity landscape.

"The GDPR is clear that organisations must find state-of-the-art technologies to help repel cyber-threats and keep key data and systems secure," Mistry said.

"It's concerning that IT leaders either don't have the funds, or can't find the right tools to tackle compliance.

"Organisations need defence-in-depth combining a cross-generational blend of tools and techniques, from the endpoint to the network and hybrid cloud environment."