Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • DE
Tuesday 29 March 2016 9:57 am

Cyber security: Why the EU General Data Protection Regulations will be game changing for unreported cybercrime

By: Hayley Kirton

Add as a preferred source on Google

A report by the Institute of Directors (IoD) and Barclays recently highlighted that one quarter of organisations had suffered a breach in the last twelve months, although only 28 per cent had reported it to the authorities. It is believed that the actual numbers of attacks could be higher.

The fact is that there are still a large number of organisations simply not aware of incidents, or that don’t have the technology or processes in place to identify or respond to a data breach involving personal information. In many instances, attackers can go undetected and access sensitive information for months before being discovered.

Moreover, the scope of where personally identifiable information (PII) resides – from phone numbers to IP addresses and credit card details – is often far wider than many organisations may have considered.

However with the impending EU General Data Protection Regulations (GDPR) expected to come into effect in early 2018, this will need to change. The race is on for organisations to start preparing now with an IT infrastructure and processes which will protect personal data and meet GDPR requirements.

Read more: Firms failing to tackle social media security threats

Under these new laws, if there is a data breach, they will have to inform the authorities "without undue delay and, where feasible, not later than 72 hours after becoming aware of it". Failure to comply will come with fines which could be up to four per cent of an organisation's annual revenue.

One of their biggest challenges is to get a handle on how and where they collect, process and store PII. Specific databases, HR and financial software can be identified easily. Working out their corresponding security strategies is a challenge but well understood. However, it’s not only applications such as these that store personally identifiable information; normal user activities like logging into social media, online banking or remote access also produce PII in the form of access credentials, cookies and geolocation data and get recorded in system and application logs.

Since organisations have obligations to store log files for years – depending on the industry and compliance regulations – over time a hacker or, even a malicious insider, could collect many different forms of data to create an holistic picture of an individual.

Read more: Cyber experts not sharing as much as they should

We may not be able to change this user behaviour, but organisations can take steps to mitigate the risk by collecting information in a way that is secure, encrypted and anonymised to ensure it cannot be linked to an individual. With targeted attacks on the rise, they also need to improve the way they are able to detect unusual behaviour, with monitoring tools that can identify, for example, if a user’s account has been hijacked, so that attacks don’t go undetected for months.

As organisations can only report what they know about, visibility of where data is, and unusual activity, will be key.

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • Opinion

Categories

  • Opinion

Trending Articles

  • Citroën 2CV returns as a £13,000 electric car, and the timing is no accident

  • The former African gold miner taking on the billionaire Issa brothers

  • Wimbledon: HMRC set to slap Sinner and Noskova with £1.6m tax bill

  • Barclays and Lloyds back calls to digitalise UK markets and unlock £33bn boost

  • Rachel Reeves to unveil next steps for ring-fencing reform at Mansion House

More from City PM

  • Endava Partners with Wiz to Deliver Integrated Cloud Security for Enterprise AI Adoption

    Business Wire
  • New Research Shows Prioritisation of Digital Twins and AI Initiatives to Accelerate Predictive Insights and Infrastructure Resilience

    Business Wire
  • Survey: Nearly All European Organisations Feel Pressure to Scale AI for Customer Experience, Yet Only 38% Have a Clear Approach to Governance

    Business Wire
  • Convertr Appoints Greg Jordan as Chief Product Officer to Strengthen Data Governance for Enterprise B2B Programmes

    Business Wire
  • Industry Execs Think Digital Transformation Is Working – but Staff Still Rely on Shadow IT to Get the Job Done

    Business Wire
  • The shift from black box to glass box in AI translation

    Partner
    Glass Box AI and THG Fluently collaboration visual depicted in a modern business setting with digital interface elements
  • Fastmail Launches EU-Hosted Email Infrastructure, Giving Customers Control Over Where Their Data Lives

    Business Wire
  • ARIS Announced as Exclusive Process Intelligence Launch Partner for AWS European Sovereign Cloud

    Business Wire

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy · Facebook