Since the introduction of the GDPR in Europe last May, 59,000 data breaches have been reported. Of these leaks, 15,400 came from the Netherlands, according to a report by law firm DLA Piper. So far, only 91 fines have been imposed.
This report examines the size of the current threat landscape. Nearly 60,000 data breaches in eight months’ time sound serious, but are not necessarily surprising. The GDPR has simply uncovered all the data leaks. Companies can no longer sweep them under the carpet in the hope that no one will find out. The threat of a EUR 20 million fine or 4% of their annual turnover was more than enough to wake up businesses.
Companies should not focus too much on the number of fines imposed. The report states that fewer than a hundred have been issued since the introduction of the regulations, but it also shows that supervisors are faced with a backlog of reported leaks. Although the number of fines appears to be low, it is not a realistic representation. As we reach the first anniversary of the GDPR and as supervisors work their way through reports of existing and new leaks, their full power will come to light.
It is important that companies do not take this too lightly. The GDPR rules are designed to improve data protection, and enforcers will not hesitate to punish those who do not comply with them. Cybercriminals are becoming more agile and persistent every day, and companies that are not already prepared for this need to be. Only by engaging the right vendors and investing in the right technology that can actively monitor the threat landscape – such as NextGen SIEM, User and Entity Behaviour Analytics (UEBA) and Security Orchestration, Automation and Response (SOAR) – will companies be able to detect and mitigate threats as quickly as possible, and avoid the wrath of the supervisor.
This is a submission from Ross Brewer, VP and MD EMEA at LogRhythm.