
Half of organisations would rather accept a fine than report a data breach, report reveals

David Bicknell Published 05 October 2017

McAfee report suggests many could not meet GDPR’s 72-hour breach reporting requirement, while 70% of respondents believe GDPR will make Europe world leader in data protection


As GDPR looms, almost half (47%) of organisations would prefer to accept a fine rather than publicly announce a data breach, a report from security company McAfee has revealed.

The report, “Do you know where your data is? Beyond GDPR: Data residency insights from around the world”, suggests many organisations will not be able to meet one of the General Data Protection Regulation’s (GDPR) biggest requirements: reporting a breach within 72 hours of becoming aware of it. It takes organisations 11 days on average to report a breach.

The report says data migration and residency decisions are becoming board-level agenda items within the public sector, as geopolitical and regulation changes affect the financial and reputation-related repercussions associated with insecure data storage and management.

McAfee said its report found a correlation between preferred location and perceptions of how stringent data laws are in that country, concluding that GDPR will eventually encourage even more organisations to move their data to be held in the EU. In fact, the report says, the UK is already the third most popular country when it comes to choosing where to store enterprise data.

The report also found that nearly half (48%) of organisations say they will migrate data as a result of regulation or changing government policies; 63% of respondents believe Brexit already has – or will – impact technology acquisition investments for their organisation; it currently takes 11 days on average to report a breach – yet the GDPR will mandate breach notifications be made within 72 hours; and 53% of senior business decision-makers surveyed globally were unsure of the geographical storage location of their physical data.

Based on a survey of 800 senior business decision-makers from across multiple industry sectors and eight countries, the report provides a view of how organisations view 11 key data regulations from around the world, including the EU’s GDPR, which will toughen and simplify laws protecting personal data for over 500 million people residing in the European Union once implemented in May 2018.

Seventy percent of respondents believe the implementation of GDPR will make Europe a world leader in data protection; however, the United States remains the most popular data storage destination, preferred by nearly half of all organisations surveyed.

“It’s critical that businesses do everything they can to protect one of the world’s most valuable assets: data,” said Raj Samani, chief scientist and Fellow at McAfee. “The good news is that businesses are finding that stricter data protection regulations benefit both consumers and their bottom line. However, many have short-term barriers to overcome to become compliant, for example, to reduce the time it takes to report a breach.”

The report also found that data protection can deliver commercial advantage. 74% of respondents believe organisations that properly apply data protection laws will attract new customers. However, 51% of all respondents say their organisation is being held back from technology investment because of external data protection regulations.

Public opinion is also becoming key in data decision-making. 83% of organisations take public sentiment towards data privacy into account when making data residency decisions.

The survey also found that organisations are more comfortable putting their faith in cloud service providers. Eight in 10 respondents’ organisations are planning, at least in part, to leverage their cloud service provider to help achieve data protection compliance.

Overall, the report reveals conflicting beliefs about data protection regulations. Although global events and a tightening of data protection rules make senior decision-makers pause when determining their company’s technology investment, most organisations tend to store their data in those countries with the most stringent data protection policies.

Although businesses might not like strict compliance laws, they are beneficial to both customers and a company’s bottom line, even providing a competitive advantage in some cases. Moving forward, the report says, increased awareness and understanding about a company’s data assets will lead to better usage and protection.  
