
Cybersecurity in Europe is Improving: Thank You GDPR?

Jake Olcott | December 4, 2018

After years of debate over whether to impose new cybersecurity regulations on companies, General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules, and cookie disclosure notices are popping up on more websites than ever.

But let’s think about the bigger picture. Is GDPR working? How would we know?

For years, global policymakers have struggled to develop effective responses to cyber threats, in part because we just don’t have the data to help us understand what’s actually happening in cyberspace. Think about it — if you’re a U.S. policymaker considering ways to address American unemployment, you can turn to the Department of Labor’s Bureau of Labor Statistics for data that measures labor market activity, working conditions, and price changes in the economy. Or the U.S. Census Bureau for quality data on personal and economic issues. When it comes to cyber crime, there’s just not much to work with — the U.S. Bureau of Justice Statistics last updated its information in 2005. There’s no objective data set to turn to for cyber vulnerabilities, cybersecurity performance, cyber risks, or anything similar.

BitSight is trying to change this dynamic. Thanks to our massive data collection and processing techniques and capabilities, BitSight is able to collect, evaluate, and measure cybersecurity performance across global organizations, providing unique and valuable insight into global, regional, and sectoral performance trends across different sized organizations. 

When BitSight recently analyzed security performance across more than 140,000 organizations worldwide, the findings were surprising. While our research found a steady decrease in security performance across all regions of the globe, organizations within continental Europe actually improved their security performance over the last year. The areas in which organizations have improved include the implementation of stronger controls to reduce Internet-exposed services (open ports). These improvements align well with the lead-up to the implementation of GDPR, and continue after the effective date.

[Figure: Cybersecurity Performance by Continent (Security Ratings)]

[Figure: Effectiveness in Reducing Internet Exposures (Open Ports)]

Security performance data may be useful to policymakers as they consider the impact of existing regulations like GDPR, but also future policies and regulations. Policymakers in the U.S. and abroad will continue to consider implementing regulations based on GDPR that will protect citizens from poor data security management. Already we are seeing many calls to adopt similar legislation elsewhere around the world, including from Apple’s Tim Cook, who in late October at the Conference of Data Protection and Privacy Commissioners in Belgium proposed that the U.S. enact a GDPR-like policy. This summer, California passed legislation imposing stronger privacy regulations for companies doing business in the state, and some are pushing for that same regulation at a federal level.

How will policymakers judge the necessity or effectiveness of these efforts? On what sectors should they spend their time and focus? On what sized companies? What data will they use? How will they model the impacts?

Global policymakers must begin thinking about the essential elements that will be necessary to build a lasting legal and policy framework to address these significant cyber risks. The Bureau of Labor Statistics was established in 1913; as we think about the next 100 years, and all of the changes that will come to our globe as a result of technology and interconnectivity, is there any doubt that independent, quantitative cybersecurity data will be critical to our society?

View the December 2018 BitSight Insights report to learn more about the cybersecurity performance of different industries around the world and find out how the new European cybersecurity regulations are working.
