BitSight Insights

Cybersecurity in Europe is Improving: Thank You GDPR?

Jake Olcott | December 4, 2018

After years of debate over whether to impose new cybersecurity regulations on companies, General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules, and cookie disclosure notices are popping up on more websites than ever.

But let’s think about the bigger picture. Is GDPR working? How would we know?

For years, global policymakers have struggled to develop effective responses to cyber threats, in part because we just don’t have the data to help us understand what’s actually happening in cyberspace. Think about it — if you’re a U.S. policymaker considering ways to address American unemployment, you can turn to the Department of Labor’s Bureau of Labor Statistics for data that measures labor market activity, working conditions, and price changes in the economy. Or the U.S. Census Bureau for quality data on personal and economic issues. When it comes to cyber crime, there’s just not much to work with — the U.S. Bureau of Justice Statistics last updated its information in 2005. There’s no objective data set to turn to for cyber vulnerabilities, cybersecurity performance, cyber risks, or anything similar.

BitSight is trying to change this dynamic. Thanks to our massive data collection and processing techniques and capabilities, BitSight is able to collect, evaluate, and measure cybersecurity performance across global organizations, providing unique and valuable insight into global, regional, and sectoral performance trends across different sized organizations. 

When BitSight recently analyzed security performance across more than 140,000 organizations worldwide, the findings were surprising. While our research found a steady decrease in security performance across all regions of the globe, organizations within continental Europe actually improved their security performance over the last year. Areas of improvement include the implementation of stronger controls to reduce Internet-exposed services (open ports). These improvements align well with the lead-up to the implementation of GDPR, and continue after the effective date.

Figure: Cybersecurity Performance by Continent (Security Ratings)

Figure: Effectiveness in Reducing Internet Exposures (Open Ports)

Security performance data may be useful to policymakers as they consider the impact of existing regulations like GDPR, but also future policies and regulations. Policymakers in the U.S. and abroad will continue to consider implementing regulations based on GDPR that will protect citizens from poor data security management. Already we are seeing many calls to adopt similar legislation elsewhere around the world, including from Apple’s Tim Cook, who, in late October at the Conference of Data Protection and Privacy Commissioners in Belgium, proposed the U.S. enact a GDPR-like policy. This summer, California passed legislation imposing stronger privacy regulations for companies doing business in the state, and some are pushing for that same regulation at a federal level.

How will policymakers judge the necessity or effectiveness of these efforts? On what sectors should they spend their time and focus? On what sized companies? What data will they use? How will they model the impacts?

Global policymakers must begin thinking about the essential elements that will be necessary to build a lasting legal and policy framework to address these significant cyber risks. The Bureau of Labor Statistics was established in 1913; as we think about the next 100 years, and all of the changes that will come to our globe as a result of technology and interconnectivity, is there any doubt that independent, quantitative cybersecurity data will be critical to our society?

View the December 2018 BitSight Insights report to learn more about the cybersecurity performance of different industries around the world and find out how the new European cybersecurity regulations are working.
