Digital threat leader RiskIQ, has discovered that one third of web pages belonging to 30 companies within the Financial Times Index are collecting personal data without adequate security measures, potentially breaching GDPR guidelines.
RiskIQ’s research found 120,072 live websites belonging to the companies and 18,457 pages across those sites that collect personal data. 35 per cent of these pages were found to be collecting data insecurely. The research suggests that with an average of 615 login and data collection forms spread across an average of 4002 web sites per organisation, businesses are struggling to gain a complete view of their security and compliance postures ahead of the GDPR deadline.
With a chronic skills shortage and cyber threats at an all-time high, the findings highlight one of the key challenges businesses face in the protection of Personally Identifiable Information (PII) as required by GDPR. A recent survey by RiskIQ identified data breach as a top fear cyber security leader’s face in 2018 yet 67 per cent don’t have sufficient staff to handle the daily barrage of cyber alerts they receive.
Fabian Libeau VP EMEA at RiskIQ explains: “Companies that haven’t already implemented encryption for all collection and transmission of personal information will have missed the boat in order to comply with the fast approaching regulation.”
“Now more than ever companies need to be aware of their digital footprint. With the ever expanding volume of PII it’s crucial companies ensure they are tracking all of their digital assets and consistently monitoring for potential breaches and gaps in their security.”