Businesses only have six months to prepare for the EU's General Data Protection Regulation (GDPR), but a recent study has found that they're still greatly confused by the details.
According to research conducted by cyber security firm Trend Micro, there's a great deal of confusion among businesses about such regulations.
The study quizzed more than 1,000 global IT decision-makers about their thoughts around data protection laws and regulations, with 30 per cent being unable to agree what "State of the Art" security requirements actually entail.
There were a number of core findings in the study. In particular, 30 per cent of businesses define "State of the Art" security as buying a cyber security protection product from an established market leader.
Meanwhile, 17 per cent believe that it's using products that pass third-party tests. And 16 per cent said they think the term refers to products that have been rated highly by analyst reports.
Additionally, 14 per cent said it covers start-ups providing innovative security products, and worryingly, 12 per cent of IT bosses are more concerned about the prices of products than whether they meet GDPR requirements.
Bharat Mistry, principal security strategist for Trend Micro, said: "There are many hurdles for businesses to overcome in establishing GDPR compliance - trying to demystify what 'State of the Art' means is but another challenge on the list.
"Regulatory enforcement bodies should offer further clarification on what 'State of the Art' means, so businesses can ensure they're not stepping into a fine once May 2018 arrives."
The report also found that businesses struggle when having to report a data breach to regional data protection authorities and customers.
Just 63 per cent of businesses have a significant notification process in place, and in countries like the US, firms have to deal with this issue on a state-by-state basis. That can slow down processes.
However, going against GDPR guidelines, 21 per cent of respondents said their companies have processes in place but avoid telling customers about data breaches.
Because data protection authorities have not offered specific definitions of the approach to take, companies are struggling to put the right mechanisms in place to protect customers.
Intruder identification technology is the most commonly implemented solution, with 34 per cent incorporating it into their companies.
Data leak protection (DLP) products follow closely, with 33 per cent using them. 29 per cent are using encrypted hardware to protect data.
Despite these investments, the research reveals that companies are failing to take steps to qualify their approach to this technology - relying on single purpose or legacy defences.
"Educating employees and updating data protection policies is all well and good, but if corporate data isn't protected, intruders can't be detected, and if protections aren't in place to prevent data leaks, businesses don't have a cybersecurity strategy," Mistry continued.
"There's no silver bullet to cybersecurity; it's an all-encompassing war in which multiple techniques are necessary to fight hackers' increasing pragmatism. Any business that doesn't realize this quite simply won't be compliant with the regulation."