Call us Toll Free (USA): 1-833-844-9468     International: +1-603-280-4451 M-F 8am to 6pm EST

NCC Group’s Global Cyber Policy Radar– Edition 2

Spotlight on the increasing complexity of data privacy landscape

Drawing on its experience and engagement with cyber security policy makers around the world, today, NCC Group releases the second edition of its NCC Group Global Cyber Policy Radar.

The report offers a unique insight into key regulatory changes and policy developments organizations need to be aware of for the remainder of 2024 with a spotlight on data privacy.

Group Head of Government Affairs, Kat Sommer, said: “In today’s rapidly evolving cyber landscape, staying informed is crucial. The NCC Group Cyber Policy Radar delves into the latest developments in cyber regulations, offering insights that are essential for navigating the complexities ahead.

“Governments are enacting plans to harmonize cyber rules. However, the remaining fragmentation and barriers to implementation mean that regulated organizations will have to continue navigating complex and overlapping regulations for some time to come. Responsibility—and in some cases liability—is being firmly placed on senior leaders. It’s therefore critical that organizations’ c-suites have the information they need to make, justify, and defend decisions about their cyber strategy.

“Additionally, governments are cracking down on the use of offensive cyber tools. Poorly crafted rules may affect CISOs’ ability to access these tools, impeding their ability to conduct effective security testing. It’s therefore critical that the industry engages in the making of these rules from the outset – as we are doing through the Pall Mall Process.”

Spotlight on Data Privacy

Through new NCC Group analysis of data privacy fines that have been issued by global regulators, the report also reveals the increasing complexity of the data privacy landscape. Using data collated by privacy, security and data ethics platform OneTrust, NCC Group found that:

  • There have been over 2,700 fines related to data privacy totalling more than $7.3 billion since 2020
  • Of the penalties levied to date, only 14 fines have been issued in the UK and 72 in the U.S., while Spain has racked up over 840
  • Ireland has emerged as the de facto European regulator for multinational technology firms, levying 20 fines accounting for over a third of total worldwide penalties (around $2.7 billion)
  • The public sector is the biggest area of global enforcement – although this only results in a penalty in one in three cases and, when it does, fines are comparatively small (averaging around $130,000)
  • Social media, e-commerce and technology firms are facing significant fines – averaging $65.7 million, $12.7 million and $8.7 million respectively

Kat adds: “While GDPR has become the de facto standard across many countries, these differences in national and sector enforcement – alongside an evolving political landscape and regulators’ increasing focus on what online safety and the widespread adoption of AI means for data privacy – are creating an increasingly complex compliance landscape.”

Download the full report here, which also includes a roadmap for organizations to navigate the complex and ever-evolving cyber security landscape, supporting them in making better-aligned and future-proofed security investments.

Press Release by NCC Group

Media Contact

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 remain open for late entries! Winners Announced October 31, 2024...

X