Ross Brewer, VP & MD EMEA, LogRhythm commented “This report highlights the scope and scale of today’s threat landscape. 60,000 data breaches in eight months may sound extremely high, but it’s not necessarily surprising. The one thing GDPR has done is bring all of the data breaches to the surface. Businesses can no longer sweep them under the carpet in the hope that no one will ever find out – the threat of a €20m fine or 4% of their annual turnover was more than enough for businesses to sit up and take notice.
“What businesses shouldn’t focus too much on is the number of fines that have been issued. According to the report, fewer than 100 have been handed out since the regulations were implemented, however it also reveals that regulators are managing a backlog of notified breaches. Whilst this number may seem low, it’s likely it’s not a true representation of those that will be fined. As we reach the first year anniversary of GDPR, there’s a good chance we will start to see the full force of regulators as they sift their way through existing and future breach notifications.
“What’s important is that businesses do not become complacent. The GDPR regulations were enforced to improve data protection and regulators will have no qualms about penalising those that aren’t complying. Cybercriminals are using increasingly sophisticated tactics and are becoming more persistent every day, and businesses – if they’re not already – need to ensure they are fully prepared. Only by using the right vendors and investing in the right technology that can keep up with the threat landscape effectively, such as NextGen SIEM, User and Entity Behaviour Analytics (UEBA), and Security Orchestration, Automation and Response (SOAR), will businesses be able to detect and mitigate threats as quickly as they need to, and avoid the regulators’ wrath.”