ESET survey reveals widespread business confusion about upcoming CCPA regulation

Next story

SAN DIEGO, August 5, 2019 – ESET, a global leader in IT security, today released the findings of its survey on business readiness for the California Consumer Privacy Act (CCPA). ESET polled 625 business owners and company executives to gauge business readiness for the upcoming regulation, which goes into effect on January 1, 2020. The survey results underscore how unprepared businesses are for the upcoming regulation. 

Key findings of ESET’s survey include:

  • Almost half (44.2%) of all respondents have never heard of the CCPA.
  • Only 11.8% of respondents know if the law applies to their business.
  • About a third (34%) of executives/owners say they don’t know if they will need to change how they capture, store and process data to comply. Another 22% say they “don’t care,” while 35.3% of respondents say nothing needs changing for CCPA compliance.
  • About a third (37.7%) of respondents are “very confident” they will have “reasonable security” in place per the CCPA requirement by January 1, 2020. Another third (33%) say they “don’t know.”
  • Slightly more than half (50.4%) of respondents indicated they did not modify their behavior or processes to bring their businesses into compliance with the GDPR (General Data Protection Regulation).

The full results are published here.

The law gives Californians the right to sue businesses that are subject to CCPA when their personal information is compromised in a data breach. These businesses can be exposed to significant financial penalties if found in “violation of the duty to implement and maintain reasonable security procedures and practices.”

“It’s clear that businesses are confused about this upcoming regulation, they do not know whether they are subject to the law and what they need to do to become compliant,” said Tony Anscombe, global security evangelist and industry ambassador. “This is a serious situation, as the penalties will be severe, and the financial harm could be grave to these firms. Businesses should particularly focus on the ‘reasonable security’ aspect of the law by ensuring they have stringent processes and practices in place, including strong endpoint protection and encryption, throughout their organization.”

Survey Methodology

The ESET survey was conducted between July 19-22, 2019 and was conducted via a Google Consumer Survey. The survey has a margin of error of +/- 3.8%. The survey included a screening question, ensuring that only respondents who were either (a) business owners or (b) company executives were polled.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET has become the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit or follow us on LinkedInFacebook and Twitter.