Andrea Danti - Fotolia
Particularly in the private sector, organisations have tended to have a “take it or leave it” attitude towards encryption.
It has very much been a “nice to have” rather than a “must have”. However, these organisations’ customers and employees are becoming increasingly aware of data protection issues and encryption has consequently become more mainstream. Also, the new EU General Data Protection Regulation (GDPR) will be a game changer for businesses when it comes into effect in 2018.
With both this rise in awareness and the GDPR mandating the use of encryption, it is no surprise that analysts are predicting that the information security market will achieve a compound annual growth rate (CAGR) of 24% until 2020. So, all in all, there has never been a better time to be talking to customers about their data protection strategies, and specifically encryption.
Preparing for the GDPR
Despite the Brexit vote, businesses in the UK will still be bound to comply with the GDPR for as long as the country remains a member state, and after that, the ICO has implied that it will enforce very similar legislation. The impact is therefore expected to be significant.
For the first time, encryption is being established as a data protection standard to which responsible organisations must adhere, and failing to do so opens up the potential to huge fines. Under the GDPR, companies can be fined up to 4% of global turnover or €20m – whichever is higher – for a breach. This means that TalkTalk, for example, could have been fined £70m, rather than the £400,000 fine the ICO handed out.
Coupled with the fact that the legislation also mandates that all breaches be disclosed, regulators are likely to be handing out more fines than ever before. On a practical level, this means that bringing in effective encryption tools is critical for any company trying to make sure it is prepared ahead of 2018.
Yet nearly nine out of 10 CIOs admit their current information security policies and procedures not only put their company at risk, but could also expose them to large fines under the GDPR.
As a result, more than 73% of those surveyed said they were committing to tightening up data security in the near future to try to avoid falling foul of the new regulations.
So what does this all mean for the channel? Firstly, the general awareness will make conversations with businesses easier. Now that companies’ employees are using encryption in their daily lives – with WhatsApp, for example – they will feel more comfortable with the concept, helping IT to encourage user adoption and therefore helping the channel to provide solutions that stick.
Secondly, the GDPR creates urgency, freeing up budgets by pushing encryption further up the business agenda. With a huge number of industries set to be affected by the new regulations, the channel can play a vital role in educating customers on its ramifications, helping to consult on and create data protection strategies that fit their businesses.
The channel has a great opportunity to play the role of a trusted adviser, helping organisations make the right choices to fit their business. For example, talk to them about what kind of data they have, how it is used, who needs access to it – both from an internal perspective, and also within their network of trusted partners – and identify where and when it is most at risk, such as when it is being shared. Further to this, by understanding how data is used and by whom, the channel can advise on a solution that will best fit their business.
The channel should seize this opportunity to get conversations started; otherwise they could be leaving money on the table.