Is information security a human right? Authorities in Europe have decided, “yes.”

That’s left global Chief Information Security Officers (CISOs), and their organizations, scrambling to meet new regulations that are transitioning into effect next year. The law, called the General Data Protection Regulation (GDPR), expands the data privacy responsibilities of companies who offer goods or services to European Union (EU) countries citizens.

In this context of increased pressure for CISOs to bolster the protections of their companies, ServiceNow polled 300 CISOs around the world, and produced a special report on France, Germany and the U.K, on the state of enterprise security. These executives came from a wide range of industry segments – including financial services, IT services, media, and professional services – and a wide range of company sizes – from $500 million in revenue to more than $10 billion.

The survey results showed that even though these new regulations will become law just next year, 83% of European CISOs (inclusive of the U.K., which is exiting the EU) are highly concerned that detected security breaches are going unaddressed. But some countries appear more worried than others: 90% of CISOs in France are concerned compared with 72% in Germany, and 88% in the U.K.

In order for CISOs to meet the new regulatory requirements, including timing of breach notification, they will need to have a stronger hold on their systems, applications and data inventory. Adopting more automation is the answer.

Hundreds to thousands of security incidents can happen in a given day. Companies need to figure out how to automate the simple security tasks, so that they can focus the activities of talent on the more complex work, while machines quickly address straightforward issues.

More automation in business functions will help maintain security controls to protect individual data and quickly respond to potential or actual data breaches.

According to our study, almost 75% of CISOs around the world intend to automate prioritizing to which security threats to respond; more than 70% plan to automate the identification of business-critical threats; and 77% plan to automate the aggregation of alters from multiple security tools into a single system.

In Europe, CISOs in one country are making these plans far more aggressively: Germany.

In Germany, 90% of CISOs intend to automate prioritizing to which security threats to respond within the next three years; 80% plan to automate the identification of business-critical threats; and 86% plan to automate the aggregation of alters from multiple security tools into a single system.

By leading in automation and focusing on prioritizing what matters, CISOs can exceed the expectations of their companies and clients.