Rise of global data regulations benefits CIOs
Data Privacy and Security

Rise of global data regulations benefits CIOs

GDPR, the General Data Protection Regulations, defined 2018 for many information and technology leaders in Europe, but the reach and impact of GDPR globally is only just beginning to be felt and the result is that CIOs and CTOs across the globe are having to respond. 

10 countries across the globe are passing new regulations that are in-line or in some cases almost identical to GDPR. In 2020 the Consumer Privacy Act comes into force in California and legal experts expect similar regulations to be adopted across a number of states in the USA, creating in effect a national regulatory framework. As a result, data and information governance is driving security standards and implementations. 

In the GDPR-regulated area the law has been an opportunity for CIOs to cleanse and reorganise information strategy. Sabah Khan-Carter of international media company News Corp described GDPR as an opportunity to ensure only the data that provides measurable value to the business is to be retained.  As the regulatory tide builds, it is not only an opportunity to improve information management, some organisations are realising that in order to remain compliant, and benefit from new business models, their infrastructure needs modernisation.

"Regulation is driving a lot of data centre and network improvements," say Rich Harper of NTT Professional Services, the consulting arm of the telco company that is now a significant global provider of technology managed services. "The regulations are good and they are positive for business. The industries that hold a lot of information are being the most aggressive at modernising their information infrastructure."

Harper believes the regulatory environment is playing a part in wider security improvements. "Even though security is expensive it is right and proper to do it right. It is still cheaper than to fail," he says as organisations adopt a similar mantra of airlines towards information security. In the airline sector professionals talk of safety being expensive, but a lot cheaper than an accident. With regulations like GDPR threatening 4% of global revenues, the same approach is piloting its way into business technology discourse.

"I do think there is a shift as the whole organisation knows they have to have a security understanding of how to protect themselves.

"We worry about a false sense of security though. Although there has been a shift, there are some organisations that meet the regulations, but there are areas of the organisation that are not secure," Harper warns. NTT Professional Services surveyed major businesses and found 47% believe they had never been breached, closer analysis found 90% of those surveyed had suffered a breach of some kind.

For many organisations their own team remain the chink in their armour. Harper describes information security as a "three-legged stool" of people, process and technology - as all business outcomes are. "If one of the legs is not working right, then the security can be compromised."


Security posture

Security, in some organisations has suffered the same fate as staff training, both are cut at the hint of a tightening of budgets. But Harper says that research by his organisation indicates a permanent place on the budget line and he attributes this to the increased regulatory environment.

"I think it is a risk-reward debate that organisations are now having. Previously the reward didn't make sense, [but] with the regulations, those discussions on the risk of not investing now make sense. It is not a common pattern, but some boards are more proactive, while for others security is an after-thought, especially if there is a need to get to market first," Harper says.


Security shortage

As organisations increase their security focus they are realising there is a shortage of information security skills on the market, this in turn is reshaping the relationship between service providers, buyers and the insurance sector.

Industry analyst house Cybersecurity Ventures predicts there will be a shortfall of 3.5 million security staff globally by 2021. This will in all likelihood increase the collaborative relationship between CIOs and the service providers.

Technology providers will also increase the number of partnerships between them, as no single vendor will have all the skills necessary to deliver on the needs of CIOs.

Harper believes the rise in organisations adopting cybersecurity insurance is also helping CIOs get investment for information security, but there is some cynicism towards cyber insurance. "I think it is a good tool, especially in those industries that have a lot of data. Signing up for insurance helps with the risk-reward conversation as it encourages the business to have a better security posture."

He warns that organisations must not get a false sense of security. "We have seen customers that have bought insurance who are then surprised when they find they are not covered. The insurance relies on good governance, so you need to be up-to-date on patching etc. Otherwise you are not getting the benefit of the policy."


« The CMO Files: Ian Howells, Sage Intacct


C-suite career advice: Brent Rasmussen, Carrington Mortgage Holdings »
Mark Chillingworth

Mark Chillingworth has over 20 years of journalism and editing experience across media platforms including online, live events, print magazines and television. From 2010 to 2016 he was editor in chief of the award-winning CIO UK. In 2011 he created the CIO 100, an annual power list of the UK’s most transformative CIOs.

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends


Do you think your smartphone is making you a workaholic?