By Rob Price, Senior Specialist Solutions Consultant and Global Lead for Risk & Compliance at Snow Software
While much of the 2020 news cycle was dominated by unforeseen crises, a more familiar topic that has re-emerged in today’s headlines is that of technology regulation. In recent days, new reports indicate that British Airways is facing one of the largest group claims ever in the UK associated with their 2018 data breach that exposed the sensitive data of 400,000 customers. This comes after last year’s litigatation over the airline’s GDPR fine where it was reduced from £183m to £20m. On top of the current precedent set by GDPR, the EU is also considering regulations that would mandate additional cybersecurity standards for financial services organisations, reducing government support for those who used an IT service or technology vendor that did not meet the minimum security standards.
In recent years, the need to better reflect and protect our digital lifestyles has driven global conversations surrounding technology regulations. In addition, the rapid pace of technology innovation, an increasing reliance on data, and the growing severity of cybersecurity threats have raised serious questions over whether current policies are sufficient. And for many countries – the resounding answer is no.
Proactive regulations in the face of uncertainty
As the technology industry, businesses, governments and individuals alike begin to overcome the initial wave of COVID-19, conversations surrounding technology regulations are rapidly returning to the forefront. Just like GDPR a few years ago, the continued debate and potential resulting regulations could introduce game-changing compliance mandates, with a lasting impact on the overall cost of technology.
Ultimately, the general lack of clarity and consistency in tech policy demands that IT leaders stay informed on potential regulations. It also remains critical that IT leaders have comprehensive visibility of their networks, in addition to a greater understanding of employee sentiment and behaviour, to understand how these laws could impact both their business and technology strategies.
A call for greater regulation
Snow Software’s 2021 IT Priorities Report, which surveyed a sample of 1,000 IT leaders and 3,000 employees, across the globe, revealed that the vast majority of both groups support these measures, but that their feelings about tech regulation have also evolved over the past year. In fact, when compared to 2019 global findings, which revealed 74% of employees said that the technology industry needed more regulations, the 2020 figure is significantly higher at 94% of IT leaders and 82% of employees. Of those who do want to see more tech regulations, the two leading areas were data protection (54% IT leaders / 46% employees) and cybersecurity (54% IT / 42% employees).
Global concerns in the face of pressing demands on IT
From these findings, it is also evident that IT leaders in the UK reflect concerns from around the globe. When looking at geographic breakdowns from the 2020 data, IT leaders from around the world had strong views on the areas that may require additional regulation for the technology industry. In the United Kingdom, 54% of IT leaders prefer to see regulations focused on cybersecurity first and foremost, followed closely by data protection at 48%. Data collection and encryption tied for third at 35% each, followed by competition and universal connectivity at 22% each.
On the flip-side, only 9% of respondents in the UK felt the technology industry did not need any more regulation at all. With cyber-attacks costing UK businesses £34 billion, and the average cost of a data breach now at £2.9 million, it’s not hard to see why.
Unsurprisingly, IT leaders around the world shared similar views to IT leaders in the UK. German IT leaders also favoured regulating cybersecurity first (53%) and data protection at a close second (51%), with encryption (32%), data collection (32%), and taxation (22%) following closely behind. Similar sentiments were also shared in Australia, where IT leaders also favour regulation focused on cybersecurity (60%), data protection (55%), data collection (48%), encryption (37%) and competition (24%).
A positive outlook
Despite a call for more effective regulations, the research revealed that both IT leaders and employees had positive sentiments about how things are going compared to 2019. The leading sentiment among IT leaders globally in 2020 was hopeful at 43%. Although, employees reported being marginally less hopeful – 26% in 2020 down from 29% in 2019. Feeling safe topped this list for employees at 28% in 2020, a slight uptick from 26% in 2019. It was also the second most popular choice for IT leaders in 2020 at 37%.
Unsurprisingly, the most significant gap between IT leaders and employees was empowerment – in 2020, 32% of IT leaders felt empowered versus just 15% of employees. The most positive year-over-year change was around vulnerability. Nearly twice as many employees felt vulnerable in 2019 (24%) compared to 2020 (13% of employees and 10% of IT leaders).
The journey has only just begun
Whilst it seems IT leaders are optimistic about the progress in regulation, it is clear there remains a lot more to be done. IT leaders in the United States, for example, seem more hopeful (60%) about the current state of technology regulations compared to their counterparts in the UK (38%), suggesting an urgent need for policy review if the UK wants to maintain its position as a leading tech hub.
As governments around the world begin to pick this back up as a critical topic of discussion, technology regulations should be on every IT leader’s radar. As legislation changes, organisations must be ready to adapt to minimise any potential disruption. Understanding the role that technology plays across your organisation and ensuring it is providing the most value is the first step organisations must take to ensure resilience in the face of change.