Only 23% of businesses inform the regulator of a data breach, says RSM

Sep 12, 2019
Despite the European General Data Protection Regulation (GDPR) requiring firms to report certain types of data breach within the first 72 hours of detection, 75% of hacks never become public knowledge, with just 23% of businesses choosing to inform the regulator following a breach, according to a new report by RSM.

Although reputational damage is a key concern for respondents, genuine confusion appears to be driving the lack of transparency, with a third (34%) admitting that they do not understand the circumstances in which they would need to report a breach.

The research, conducted for RSM by the European Business Awards, surveyed 597 business decision makers across 33 European countries and suggests that employees are the weak link in many European businesses. Almost half (46%) of successful attacks targeted employees via emails, a practice known as phishing, with 22% of businesses still providing no cybersecurity training to their staff.

Nearly two-fifths of European businesses have knowingly fallen victim to a cyberattack in the last five years, with 64% admitting that they may have been hacked unknowingly. This is compounded by a sense of apathy and acceptance, as 62% of respondents believe hackers are more sophisticated than security software developers.

With 80% of European businesses saying that digital transformation is a strategic priority for their growth, it is concerning to find that just 34% of businesses have a cybersecurity strategy in place that they believe will protect them from cybercrime, with 21% having no strategy at all. Despite this, middle market businesses remain resilient in the face of cyber risk: 86% say that the increased risk of cyberattacks has not dissuaded them from investing in digital transformation, and 29% of businesses are seeing their revenue grow as a result of digital investments, with cloud technology the biggest area of focus.

Source: RSM