An overwhelming number of UK CIOs from financial services firms are not prepared for the EU General Data Protection Regulation (GDPR), according to a report published by Egress Software Technologies.

The survey revealed that 84% of the respondents admitted concerns that their current information security policies and their procedures are not sufficient to comply with the new regulation.

Nearly three-fourths (74%) of the respondents said they intend to tighten up data sharing processes as a result.

The study found that the majority of financial services firms are frustrated that even when technology such as encryption is made available to enable secure ways of working, employees aren’t using it.

The report also revealed that merely 16% of boards in financial services firms are prioritising accidental breaches, with 42% emphasising external hackers and 30% malicious insiders.

The recently ratified EU GDPR legislation, due to come into effect in 2018, will include a mandatory notification clause – forcing companies to report data breaches within 72 hours. Companies will face heavy financial penalties of up to EUR20m or 4% of annual worldwide turnover, whichever is greater.

Despite this, the report says, only 16% of financial services organisations have confidence in their current data security processes and procedures.

Furthermore, 78% of CIOs are frustrated that users avoid the tools provided to share information securely, with 85% believing this lack of cooperation from users is increasing their risk of data breach, the report added.

Egress CEO Tony Pepper comments: “The news of Brexit will not change this: it is likely that organisations will still be subject to EU regulation for some time until the official leave date, while the ICO may prefer to retain the GDPR as the UK’s rigorous data protection standard rather than creating an entirely new one from scratch.

“While it is critical for firms to have strong defences to stop external hackers, this should not come at the expense of protecting against the very real threat posed by human error. By enforcing mandatory reporting of data breaches, the GDPR is going to shine a light on many misdemeanours that might have otherwise been brushed under the carpet, so it could prove very costly if organisations don’t act now and reorganise their priorities.”