Monday, January 30, 2006

Compliance? What's That?

The majority of information security executives range from ambivalent (at best) to downright dismissive (at worst) about the intentions, effect and pertinence of security regulations.

One PwC analyst called these numbers scary, but which is scariest? Is it the comparatively low number of respondents who are in compliance? Or the shockingly high number of respondents who cop to not complying even though they know that they have to? Or could it be the startlingly low number who believe that the regulations apply to them?

These numbers represent the respondents not only in the developing economies but also in countries, such as the US, where regulations are stringent and pervasive. Interestingly, just 11 percent of respondents said they needed to be in compliance with California’s SB 1386 law, which mandates that companies report breaches of personal data to consumers. Any company that has even one customer in California (US) must comply with the law. Similarly, more than half said they didn’t need to comply with Sarbanes-Oxley, and four out of ten respondents in the health care industry said that the Health Insurance Portability and Accountability Act (HIPAA) didn’t apply to them, which seems impossible on the face of it. Of the companies reporting from Europe, 45 percent of the respondents said that they needed to comply with the European Union Data Privacy Directive. Only 41 percent are in compliance.

See full Article.