Infosecurity Europe 2017 Survey: GDPR, the Cloud, and Government Spying

Javvad Malik prepared a survey for the Infosecurity Europe 2017 conference, was there in the AlienVault booth where the survey was completed by 918 attendees, and has written up a delightful summary of the results.

InfoSecurity 2017 took place against a backdrop of change; so much change in fact, that some might call it chaos. The deadline for the GDPR moves ever-closer, but the British government is in a state of disarray at a time when negotiations to leave the EU are underway, all while it’s trying to increase its surveillance capabilities as well. Enterprises are feeling the brunt of these changes. While cloud, in all its various guises, continues to shape digital strategies, we were curious to find out how security professionals were adapting not just to cloud technologies, but also to the increased focus on privacy that the GDPR will bring within the overall context of a government that’s eager to increase its powers.

There were some interesting findings, like some trepidation about cloud security expertise:

Key Findings

• 50 percent of participants think the GDPR’s 72 hour rule of breach notification could do more harm than good, and 42.6 percent reported that they were unsure if they could identify and report a data breach within 72 hours.

• 49 percent don’t have or are unsure if they have data processing agreements with cloud providers, and 28 percent say that the level of cloud security expertise in their organization is either ‘novice’ or ‘not very competent’.

• A significant section of respondents (37.5 percent) said that their organization would refuse to put a backdoor in their product if asked to do so by the government.

• The cybersecurity industry has a dim view of Theresa May’s policies, which seek to undermine information security fundamentals like encryption and threat intelligence sharing.

So many tasty bits! You can read the full report here.