According to a report published by BitSight on 4 December 2018, “Are the New European Cybersecurity Regulations Working?”, geographic location is a reasonable indicator of an organisation’s cybersecurity performance. There are regular occurrences of cybersecurity compromises around the world, with some sectors such as Technology consistently performing weaker than others. Companies in the Finance sector continue to be the world’s strongest cybersecurity performers, due to their high regulative overlay. While “continental cybersecurity performance continues to decline”, in Europe, cybersecurity performance is improving to an extent unlike any other continent in the world.
The General Data Protection Regulation (GDPR) officially went into effect in the European Union in May 2018. The GDPR is a landmark European Union law, that sets significant punitive fines at up to 4% of global revenue if organisations do not implement a broad set of cybersecurity requirements in certain circumstances. In the months following the implementation of the GDPR, European security performance has consistently improved and now significantly surpasses all other continents. In this same time frame, Oceania’s cybersecurity performance has spiralled downwards.
BitSight states “the chorus for GDPR-style regulation is growing internationally”. The statistics certainly support this. However others argue that countries like the US demonstrate significant competitive advantage in developing highly valuable big data and social media intellectual property because of the lower regulatory environment encouraging innovators. The value to economies of these industry segments is significant.
This post includes contributions from Sara Zokaei Fard.