Under the GDPR, "fines are so large that they could be an existential threat to your company," Fletcher said. "We see people on security teams that are essentially divorced from the rest of the risk management of the business. They're making decisions on behalf of the business that are potentially putting its entire reason to exist at risk."
It would seem to be a slam-dunk - but many companies are still struggling to change their culture to provide the kind of openness that the NDB and GDPR require. The key, said Charles Henderson, head of IBM's X-Force Red ethical-hacking arm, is for all businesses to move past old and arbitrary divisions and change their security culture to be responsive at every level of the business.
"Companies that think of security as a fixed destination are not successful," Henderson recently told CSO Australia. "Agility is key not just in business but also in security. But if security testing becomes an obstacle to the business, guess who wins that battle - the business. If we can integrate security testing into the business lifecycle, we set up that business for success down the road."