Only 14% of companies are ready to comply with the General Data Protection Regulation (GDPR), according to a survey of security professionals conducted by HyTrust at the RSA Conference in April.
Another 40% are at varying degrees of preparedness, and 26% are unsure, HyTrust reports.
The survey also found that 73% were surprised at the changes required to meet GDPR. And of those, 21% did not anticipate the new technology they would need. Another 25% said the cost is greater than they expected.
In addition, 15% were surprised by the number of new hires their firms would have to make.
HyTrust CEO John De Santis states that companies must implement “sound security controls and encryption now, rather than spend a lot of time and money scaring management into funding studies.”
However, 60% have not done so, the survey found. The remainder feel that no changes are needed.
Of those that need change, 17% said they encrypt data in new places where they had not previously done so.
Overall, 26% were surprised by the extent of the changes they would have to make to their security and IT policies to comply with GDPR.
At the same time, 23% have changed their encryption-key policies and 19% segment their data and encrypt based on data type and usage, a step in protecting Personally Identifying Information (PII).