GLOBAL: Businesses around the world are not doing enough to implement data-use governance practices or develop overall information security strategies, according to a new survey of 9,500 senior executives.

Globally, only half (51%) of executives report having an accurate inventory of customer and employee personal data, while just 53% require employees to complete training on privacy policy and practices.

And when it comes to third parties who handle the personal data of customers and employees, less than half (46%) conduct compliance audits to ensure they have the capacity to protect such information.

These are some of the headline findings from the 2018 Global State of Information Security Survey (GSISS), an ongoing study conducted by PwC, the professional services firm.

PwC questioned 9,500 senior executives from 122 countries about their data privacy and security arrangements, with the poll slanted towards respondents from North America (38%), Europe (29%) and Asia Pacific (18%).

It found that businesses in North America and Asia (59% each) are typically ahead of those in Europe (52%) and the Middle East (31%) when it comes to developing an overall information security strategy.

Companies in North America (58%) and Asia (57%) are also significantly ahead of their counterparts in Europe (47%) and the Middle East (29%) in terms of staff training about privacy, as well as on developing an accurate inventory of personal data.

PwC said it expects improvements in authentication technology, including biometrics and encryption, to increasingly help business leaders build trusted networks.

Especially as half of respondents say the use of advanced authentication has improved customer and business partner confidence in the organisation’s information security and privacy capabilities.

In addition, around half (48%) say advanced authentication has helped reduce fraud and 41% say it has improved the customer experience.

However, Sean Joyce, PwC’s US cybersecurity and privacy leader, warned there are still too few companies that are building cyber and privacy risk management into their digital transformation practices.

“Understanding the most common risks, including lack of awareness about data collection and retention activities, is a starting point for developing a data-use governance framework,” he said.

PwC’s findings are released just a couple of months before the European Union’s General Data Protection Regulation (GDPR) comes into force on 25th May.

With the deadline fast-approaching, IAB Europe has also released draft specifications for a Transparency and Consent Framework and has invited public comment on the proposals.

Describing the framework as a non-commercial, open source initiative, IAB Europe said it represents a cross-industry effort to help publishers, technology vendors, agencies and advertisers to meet the transparency and user-choice requirements of the GDPR before the regulation comes into effect.

Sourced from PwC, IAB Europe; additional content by WARC staff