A study conducted by the Ponemon Institute on behalf of Edelman reveals that organizations from all around the world are unable to address their customers’ concerns about privacy and security. Many of them lack the compliance practices and business behaviors necessary for addressing these concerns.
The Edelman Privacy and Risk Index – based on the responses of 6,400 executives – shows that 57% of companies don’t see the protection of personal information and privacy as priorities. Furthermore, 61% of companies don’t enforce all levels of compliance to make sure regulations and laws are met.
In many cases, the problem appears to lie in the fact that organizations lack the technology, the expertise, and the training. On the other hand, 55% of respondents simply say they don’t have the necessary resources.
Lack of transparency is another issue. Over half of those who have participated in the study reveal that the company they work for is not transparent about the protection of personal information, and 61% encounter difficulties when it comes to responding to privacy complaints.
All these factors have the potential of leading to loss of consumer trust.
“The Edelman Privacy and Risk Index shows that despite growing regulatory pressures, relentless attacks and greater risk driven by the cloud, BYOD and mobile computing, that organizations are still not prepared to handle security, privacy and compliance risks,” Nick Cavalancia, VP of SpectorSoft – an employee monitoring software provider – told Softpedia.
“Although these findings are validation of what most security and risk professionals already know, there is some valuable learning that organizations should take from the conclusions,” Cavalancia added.
“Most importantly, organizations should do a deeper internal assessment that looks at employee digital behaviors online, on their work computers and mobile devices, not just at the defensive effectiveness of systems and devices,” he said.
“They also need to reevaluate budgets, making sure that sufficient resources are applied to security, privacy and compliance. While throwing money at problems isn’t always the answer, not having enough dedicated to where it is needed will definitely open gaps that cyber criminals will exploit.”