Report: GDPR Preparedness: An Indicator of Cyber Risk Management
The EU General Data Protection Regulation (GDPR) is the most significant overhaul of privacy law in a generation, introducing sweeping changes to Europe’s data protection and privacy rules. It establishes strict global requirements governing how organizations that do business in the EU must manage and protect personal data, while strengthening the privacy rights of individuals in the EU wherever they reside. It also serves as a force for growth and innovation, encouraging organizations that do business in the EU to adopt more rigorous data protection protocols and modernize their business practices for a data-driven world. As a result, one of the most noticeable knock-on effects of complying with the GDPR is not mentioned in the text of the new rules: an improvement in the ability to manage and respond to ever-evolving cyber risks.
This strong correlation was underscored by a recent survey of over 1,300 executives representing a range of industries and organizations worldwide. Respondents who said their organization was developing a plan or was fully compliant with the new rules were more than three times as likely to adopt some cybersecurity measures — and more than four times as likely to adopt some cyber resiliency measures — as were those who had not started planning. Respondents with a higher level of GDPR readiness were also more than 1.5 times as likely to purchase or strengthen their cyber risk insurance, which can potentially help offset the financial impact of a cyber event (see Figure 1).