Cybersecurity in Europe is Improving: Thank You GDPR?

Jake Olcott | December 4, 2018

After years of debate over whether to impose new cybersecurity regulations on companies,  General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules and cookie disclosure notices are popping up on more websites than ever. 

But let’s think about the bigger picture. Is GDPR working? How would we know?

For years, global policymakers have struggled to develop effective responses to cyber threats, in part because we just don’t have the data to help us understand what’s actually happening in cyberspace. Think about it — if you’re a U.S. policymaker considering ways to address American unemployment, you can turn to the Department of Labor’s Bureau of Labor Statistics for data that measures labor market activity, working conditions, and price changes in the economy. Or the U.S. Census Bureau for quality data on personal and economic issues. When it comes to cyber crime, there’s just not much to work with — the U.S. Bureau of Justice Statistics last updated its information in 2005. There’s no objective data set to turn to for cyber vulnerabilities, cybersecurity performance, cyber risks, or anything similar.

BitSight is trying to change this dynamic. Thanks to our massive data collection and processing techniques and capabilities, BitSight is able to collect, evaluate, and measure cybersecurity performance across global organizations, providing unique and valuable insight into global, regional, and sectoral performance trends across different sized organizations. 

When BitSight recently analyzed security performance across more than 140,000 organizations worldwide, the findings were surprising. While our research found a steady decrease in security performance across all regions of the globe, organizations within continental Europe actually improved their security performance over the last year. Some of the areas that organizations have improved on include the implementation of stronger controls to reduce Internet exposed services (open ports). These improvements align well with the lead-up to the implementation of GDPR, and continue after the effective date.

Cybersecurity Performance by Continent Security Ratings Cybersecurity Performance by Continent


Effectiveness In Reducing Internet Exposures (Open Ports)Effectiveness in Reducing Internet Exposures (Open Ports)


How will policymakers judge the necessity or effectiveness of these efforts? On what sectors should they spend their time and focus? On what sized companies? What data will they use? How will they model the impacts?

Global policymakers must begin thinking about the essential elements that will be necessary to build a lasting legal and policy framework to address these significant cyber risks. The Bureau of Labor Statistics was established in 1913; as we think about the next 100 years, and all of the changes that will come to our globe as a result of technology and interconnectivity, is there be any doubt that independent, quantitative cybersecurity data will be critical to our society?

View the December 2018 BitSight Insights report to learn more about the cybersecurity performance of different industries around the world and find out how the new European cybersecurity regulations are working.european cybersecurity regulations

Suggested Posts

What Companies Using Cloud Services Need To Know About Their Risk Responsibilities

Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But...


Joint Effort with Microsoft to Disrupt Massive Criminal Botnet Necurs

Since 2017 BitSight has been working together with Microsoft’s Digital Crimes Unit (DCU) to understand the inner workings of the Necurs malware, its botnets and command and control infrastructure in order to take disruptive action against...


Forecasting and Advanced Analytics: Building a Solid Security Strategy For 2020

2020 is not only the beginning of a new year, but the start of a new decade, and with it comes the dawn of a new era for the digital world. We’re now in the midst of the once far-off, “futuristic” time periods old books and movies used to...


Subscribe to get security news and updates in your inbox.