It’s never a dull week in the world of incident response. Data breaches continue to impact consumers from Oregon to Delaware. Data breach laws continue to evolve - we’ve recently seen nine states pass new and expanded data breach notification laws. And the list of industries at risk of a data breach continues to grow, according to a recent report that found news industry websites to be a new target for nefarious actors.
A silver lining in the face of these daunting challenges? Ours is an industry replete with data, reporting, and best practices to further educate our privacy programs and inform our improvements in pursuit of a strong culture of compliance. Here are a few of the reports and surveys we at RADAR have been reading this week:
Impacts Beyond Regulatory Fines: The ramifications of poor incident response reach beyond regulatory fines. Half of IT decision makers surveyed found cybersecurity issues put merger or acquisition deals in jeopardy. Undisclosed data breaches are considered an immediate deal-breaker according to 73% of those surveyed.
The State of Security: A recent report from Tripwire indicates that security teams are still struggling to define a data breach in a post-GDPR world. IT professionals are uncertain about which types of cyber incidents require disclosure, or whether attacks meet the threshold that would require breach notification to regulators.
Growing Influence of Privacy within Organizations: TrustArc and the IAPP have released their annual report, How Privacy Tech is Bought and Deployed. Among other findings, information security teams continue to have budget for purchasing incident response tools, though the privacy and data protection offices are increasingly influential in purchase decisions.
If you’d like to share what privacy and data breach news is currently on your radar, we would love to hear from you at firstname.lastname@example.org.