Within that, those in Europe are more likely to say they are very well or well prepared compared to those in North America (35% vs. 25%), while one in four in North America have not even heard of GDPR.
So says the Radware 2017-2018 Global Application and Network Security Report, which is in sharp contrast to the findings of a report from the International Association of Privacy Professionals (IAPP) which claimed that 84% of US companies expect to have their GDPR operations up and running by May 25 2018.
Radware's research found that, when asked to rank the biggest impact of GDPR on their business, 32% said technical changes to the architecture, 24% said the legal adjustments, 23% said the financial investment required to get ready and 21% said co-ordinating the cross organisational transformation.
The study also found that the percentage of companies reporting financially motivated cyber-attacks has doubled over the past two years, with 50% of those surveyed experiencing a cyber-attack motivated by ransom in the past year.
As the value of bitcoin and other cryptocurrencies – often the preferred form of payment among hackers – has appreciated, ransom attacks provide an opportunity for hackers to cash out for lucrative gains months later, said Andrew Foxcroft, regional director for Radware UK, Ireland and the Nordics.
He added: "The rapid adoption of cryptocurrencies and their subsequent rise in price has presented hackers with a clear upside that goes beyond cryptocurrencies' anonymity. Paying a hacker in these situations not only incentivises further attacks, but it provides criminals with the vital funds they need to continue their operations."
The number of companies that reported ransom attacks in which hackers use malware to encrypt data, systems, and networks until a ransom is paid – surged in the past year, increasing 40% from the 2016 survey. Companies do not expect this threat to go away in 2018 either; one in four executives (26%) see ransom as the largest threat to their business sector in the coming year.
"Criminals used various exploits and hacks this year to encrypt vital systems, steal intellectual property, and shut down business operations, all with ransom demands attached to these actions," Foxcroft added. "Between service disruptions, outages, or intellectual property theft, hackers are leaving businesses reeling, searching for solutions after a hack occurs. As hackers and their methods become increasingly automated, and with just five months to go until GDPR comes into force, it is now more important than ever for organisations to be proactive in protecting their business.
"But more than that, companies need to be checking that the businesses they deal with are also prepared and familiar with the GDPR. While many of the North American companies who said they had no idea about GDPR are probably not trading in Europe at the moment, chances are many will be as new markets are established after Brexit."