The study, which was conducted across 50 organisations in the UK and the US, revealed that only 40% of event planners felt they had the adequate security policies in place across their organisations.
It showed that 81% of event planners do not change passwords to event management systems often, with many changing less than once a year. A further 33% had shared their passwords with other people.
Another vulnerable area was email, with the survey finding that 65% of respondents emailed event data to third parties or other departments within their organisation, after downloading it from the event management systems. A further 36% has emailed their API key, which can allow third party systems, like event apps, access to data saved in event management systems.
The survey also explored security issues around delegate payments and the Payment Card Industry Data Security Standard (PCI DSS) compliance, a set of requirements which ensure companies that process, store or transmit credit card information maintain a secure environment. Nearly half of those surveyed didn’t know if they were PCI DSS compliant. 84% of planners were not being able to identify compliance requirements and a further 73% were unaware of the fines for non-compliance.
The survey highlighted how EU Data Protection regulations require extra security measures when dealing with ‘sensitive’ delegate data such as names, addresses and phone numbers and any information relating to the delegate’s racial origin, political opinion, religious beliefs or mental and physical well-being. Nearly 40% of respondents didn’t think race and religion were considered as sensitive and only 26% thought dietary requirements counted as sensitive.
• For more breaking news and in-depth features, sign up to C&IT Magazine's daily Newstracker here