"The issue of data protection should be considered

tanjimajuha20 · Post by **tanjimajuha20** » Sun Jan 19, 2025 7:55 am

The level of information security (IS) systems in organizations and the draft law on the introduction of turnover fines for leaks of personal data were discussed by representatives of federal authorities and Russian companies during the cybersecurity week in the State Duma of the Russian Federation. The participants in the discussion agreed that the overwhelming majority of Russian organizations are not ready to adopt the draft law due to the low level of security systems.

from three sides: greece telegram from the citizens, the state and business. As a citizen, I support the law on increasing liability. But as a company representative, I can say that we are not ready for this. The incidents that have occurred since the beginning of the SVO show that even large companies have problems. And even if the company spends 100% of the budget, it will still be less than the attackers. Fighting them with the budget is not an option, since their goal is to cause image and reputational damage to the Russian Federation and its citizens, which is what they spend huge amounts of money on," said Alexey Volkov, Vice President for Information Security at PJSC VimpelCom (Beeline brand).

Alexey Volkov also noted that it is impossible to prepare security systems in a short time: "All companies have already formed a budget. If turnover fines come into force on January 1, 2025, it will be difficult to find additional money. Most likely, companies will be ready for this only in 2026. Even if we find funds to implement security measures, their implementation will not be quick. Security cannot be bought or built - it can only be nurtured. It is necessary to change the organizational culture, but this takes more than one year."

First Deputy Director of the FSTEC of Russia Vitaly Lyutikov supported the adoption of the bill and noted the low level of readiness of security systems in Russian companies: "Increasing fines and introducing turnover fines should lead to a shift from formal compliance with requirements to increasing the efficiency of what has already been done or will be done. Organizations that are not ready for such bills doubt the effectiveness of the information security system. And if an information security specialist