There was no shortage of talking points on data protection in 2018, from concerns over data risk and compliance requirements to the challenges of operational complexities. When we surveyed some of the most prominent trends and themes from the last year, three topics stood out among the many facets of these core cybersecurity challenges: regulatory compliance, data breach protection and risk management.

As we settle into 2019, let’s take a closer look at what we learned in the past year and explore how organizations around the world can improve their data security posture in the long term.

Navigating Your GDPR Compliance Journey

When the General Data Protection Regulation (GDPR) took effect last May, companies were seeking guidance and best practices to address their compliance challenges. Although this sense of urgency is beginning to diminish, the demand for data privacy controls will only increase as organizations across industries and geographies adjust to the post-GDPR world.

In January 2020, the California Consumer Privacy Act (CCPA) will go into effect, and Brazil’s data protection law, Lei Geral de Proteção de Dados Pessoais (LGPDP), will kick in the following month. Many of the processes and requirements — not to mention the benefits — associated with GDPR compliance will be highly relevant to organizations’ preparations for these new regulations. In the year ahead, security teams should continue to focus on:

  • GDPR readiness: Complying with GDPR can require changes across nearly every aspect of your business, from customer communications to social media interactions and data protection processes for handling and storing personal and financial information. Analyze your GDPR readiness and kick-start compliance with this five-phase GDPR action plan.
  • How to report a breach: The GDPR requires companies to report a breach within 72 hours of their becoming aware of it, where feasible — an unprecedented timeline. Be sure to understand the requirements for reporting a breach, from the root cause to the assessment of the scope and the mitigation action plan.
  • GDPR and business success: Beyond the challenges and demands of compliance, the GDPR can be good for your business. When managed appropriately, compliance can help drive the organization to a more robust and future-proof security posture.

Data Protection Is a Hot Topic as Breaches Soar

Given that 27 percent of organizations will experience a recurring material breach in the next two years — coupled with the rapid proliferation of attack vectors such as the internet of things (IoT) — it’s no surprise that data security was top of mind for security professionals in 2018. Below are some of the salient themes:

  • Avoiding breaches: Data breaches are on the rise, due in part to an increase in the number of attack vectors created by complex IT environments. Yet many of these breaches are preventable. While every organization’s challenges are different, some of the most common data security mistakes can put enterprise and customer data at serious risk.
  • Responsibility: Who is responsible for data risk management? Blamestorming — the unpleasant, often futile process of pointing fingers — often follows a breach. By determining who is ultimately accountable before a breach, the C-suite can help prevent a breach in the first place and avoid the blamestorming.
  • Maintaining control over data: With the increasing number of ransomware variants, it’s critical to augment ongoing user education with technical controls and processes for optimal protection. Yet these measures can only do so much; technologies and processes that deliver preventive protection and instant remediation can help you maintain control of your data in the face of an attack.

Gain the Upper Hand Through Risk Management

Hand in hand with concerns about breaches, organizations are proactively seeking ways to understand, reduce and mitigate the risks that lead to these breaches. The third most popular topic covered a variety of risk mitigation and management themes that can help organizations on their journey toward smarter data protection, including:

  • Formalizing processes: Proactively finding and protecting the crown jewels is the only pre-emptive advantage organizations have in the battle of the breach. Creating and deploying formal risk management processes can help organizations evaluate information assets and the vulnerabilities that threaten to compromise them.
  • Structured versus unstructured data: Both structured and unstructured data are core business assets. That’s why it’s important to understand the differences between them and key considerations for assessing the risk levels for both structured and unstructured data when building a data protection strategy.

As you grapple with today’s data privacy, protection and risk management challenges — and prepare for tomorrow’s — these lessons, best practices and expert opinions from 2018 can help guide your security strategy and improve your data protection posture in 2019 and beyond.

Learn more about data protection

More from Data Protection

Data never dies: The immortal battle of data privacy

4 min read - More than two hundred years ago, Benjamin Franklin said there is nothing certain but death and taxes. If Franklin were alive today, he would add one more certainty to his list: your digital profile. Between the data compiled and stored by employers, private businesses, government agencies and social media sites, the personal information of nearly every single individual is anywhere and everywhere. When someone dies, that data becomes the responsibility of the estate; but what happens to the privacy rights…

Vulnerability resolution enhanced by integrations

2 min read - Why speed is of the essence in today's cybersecurity landscape? How are you quickly achieving vulnerability resolution? Identifying vulnerabilities should be part of the daily process within an organization. It's an important piece of maintaining an organization’s security posture. However, the complicated nature of modern technologies — and the pace of change — often make vulnerability management a challenging task. In the past, many organizations had to support manual integration work to get different security systems to ‘talk’ to each…

Cost of a data breach 2023: Geographical breakdowns

4 min read - Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic regions, and 17 industries. In the report, the top five costs of a data breach by country or region (measured in USD millions) for 2023…

Cost of a data breach 2023: Pharmaceutical industry impacts

3 min read - Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place at the top spot of most costly data breaches is probably not a surprise. With its sensitive and valuable data assets, it is one of…