A massive one-fifth of organisations haven’t allocated budget to information security and data protection in the last 12 months.
A new report from the Business Continuity Institute (BCI) and Mimecast that benchmarks how organisations handle sensitive data and their resiliency in relation to data protection, also found that:
* 15% of organisations don’t know whether they have suffered a data loss incident in the last 12 months; and
* More than a quarter (27%) of businesses reveal human error is the reason for data loss.
This is despite the fact that the EU General Data Protection Regulation (GDPR) is due to come into force in May 2018.
Meanwhile, 97% of organisations use emails at least once a day, however according to Mimecast’s own research — and a massive 32% of South African organisations believe their email system contains personal and sensitive data as defined by the EU GDPR.
However, only 25% of South African organisations are confident they could retrieve this personal or sensitive data immediately. Instead, it would take an average of six hours for them to find and retrieve personal or sensitive data.
Mayur Pitamber, cyber resilience expert at Mimecast, comments: “Business continuity professionals are looking closely at the incoming GDPR legislation but it’s clear that more needs to be done to combat data loss down to human error.
“Employees are an organisation’s most valuable asset and the cyber resilience responsibility needs to be shared with everyone to improve the response to new cyber threats.
“Organisations must have a holistic plan that embodies security, business continuity, data protection and end-user empowerment; and to ensure the entire organisation is educated, engaged and involved in planning and response, from the boardroom to IT and beyond.”
Patrick Alcantara DBCI, research and insight lead at the BCI , adds: “Information security and protecting customer data are emerging as top concerns for organisations worldwide. For one, with the EU General Data Protection Regulation coming into force next year, it places greater obligations to safeguard sensitive data. The BCI Information Security Report in association with Mimecast is a timely reminder for organisations to adopt good practice in order to respond to these changes.”