Tag: cybersecurity

The Equifax Data Theft: What if GDPR were in Force? | Sherpas in Blue Shirts

The high entropy data protection space has once again gained headlines after Equifax, the U.S- based consumer credit reporting agency, revealed that a July 2017 theft compromised more than 143 million American, British, and Canadian consumers’ personal data. The data breach incident, one of the worst cyber-attacks in history, was conducted by hackers who exploited a vulnerability in the company’s U.S. website and stole information such as social security numbers, birth dates, addresses, and driver’s license numbers. (Equifax maintains and develops its database by purchasing data records from banks, credit unions, credit card companies, retailers, mortgage lenders, and public record providers.)

Much about the situation would have been considerably different had this breach happened after May 2018, at which time the General Data Protection Regulation (GDPR) – a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU) – goes into effect. Even though it is not headquartered in the EU region, Equifax would have come under the purview of GDPR, because it maintains and reports the data of British citizens. And the stringency of requirements and degree of implications would have been significantly higher for the credit rating agency.

GDPR and Equifax

Although not directly related to GDPR, another significant business impact is the sudden “retirement” of Equifax’s CEO less than three weeks after the breach was announced.

This massive cyber-attack is a wake-up call for the services industry. Starting today, operations and businesses must regard data protection regulations with the utmost importance. Non-compliance will not only harm firms financially, but also expose them to brand dilution and business continuity risks.

Some of the key imperatives for enterprises operating in the ever-so-stringent data protection space include:

  • Know and understand the data security laws under which your enterprise falls, especially those such as GDPR that have far reaching impacts
  • Redesign your business processes to incorporate privacy impact assessments to identify high risk processes
  • Implement necessary changes in the contracts with third parties to incorporate the stricter requirements of consent
  • Achieve process transformation to inculcate privacy by design; this includes risk exposure reduction by technological changes such as data minimization
  • Appoint a Data Protection Officer to align the business goals with data protection requirements
  • Make suitable changes in contracting and governance practices to ensure adequate emphasis on data protection

To learn more about the strategic impact of the EU GDPR on the global services industry, please read our recently released viewpoint on GDPR: “EU GDPR: Is There a Silver Lining to the Disruption.”

Global Sourcing Activity Declines in Q3 2016, But GIC Setup Activity Marks All-Time High | Press Release

Trend to watch: Leading service providers are accelerating investments in cybersecurity as enterprise adoption of digital services continues to rise.

Location activity in the global sourcing industry declined significantly in Q3 2016 from the previous quarter, with 404 deals in Q3 compared to 429 in Q2, according to Everest Group, a consulting and research firm focused on strategic IT, business services and sourcing.

Although outsourcing activity across North America increased during the quarter (with share of transactions jumping from 31 to 37 percent), there was a 24 percent decline in the number of deals across Europe (except in the United Kingdom, which reported no change in activity), and the rest of the world experienced a decline as well.

Conversely, Global In-house Center (GIC) setup activity reached 37 setups in Q3 2016, an all-time high, led by new adopters setting up their first delivery centers. GIC activity on a year-to-year basis also witnessed increased traction, reflecting the growing importance of in-house centers to enterprises.

Key Trend to Watch

Everest Group’s Q3 2016 research suggests that a key trend to watch is increasing service provider investments in cybersecurity. Between 2015 and 2016, service providers have ramped up their cybersecurity portfolios via strategic acquisitions, organic growth and collaborative alliances with technology firms.

“As enterprises increasingly adopt digital services, robust cybersecurity programs are becoming ‘must have,’” said H. Karthik, partner at Everest Group. “This, in turn, is forcing service providers to continuously evolve their offerings and move toward end-to-end cybersecurity services.”

“Baseline cybersecurity capabilities of service providers include having personnel that can follow a client’s security initiatives and use basic security tools and products to manage the security of applications and infrastructure. But service providers are moving quickly beyond that to develop more sophisticated services, ranging from designing security architecture to providing insights through security analytics. Leading service providers are pushing the envelope even further, looking to provide even more advanced support, such as pre-emptive threat intelligence, localized managed security services and incident response.”

Market Vista™: Q3 2016 These findings and more are discussed in Everest Group’s recently published report, “Market Vista™: Q3 2016.” This report provides data and analysis highlighting the key trends and developments in the fast-evolving global offshoring and outsourcing market. The research captures the key developments across outsourcing transaction trends, the health of Global In-house Centers (GICs), location risks and opportunities, and service provider developments.

A review of the Market Vista Q3 updates is offered in a webinar: “The Impact of Philippine Political Changes on Global Services, PLUS Market Vista™ Q3 Updates.” This one-hour session hosted by Karthik and Salil Dani, vice president at Everest Group, provides the latest insights on the global services industry, including:

  • Major contributors to global services market growth in Q3 2016
  • Demand geographies contributing to market growth
  • New segments that are driving growth
  • Supply geographies best suited to support incremental demand
  • The market outlook for the remainder of 2016

In addition, the webinar features commentary and analysis on the impact of recent changes to the political climate in the Philippines.

Request a briefing with our experts to discuss the 2022 key issues presented in our 12 days of insights.

Request a briefing with our experts to discuss our 2022 key issues

How can we engage?

Please let us know how we can help you on your journey.

Contact Us

  • Please review our Privacy Notice and check the box below to consent to the use of Personal Data that you provide.