Published 22 Oct 2019

According to a recent report from accounting firm RSM, less than a fifth of European businesses are reporting data breaches despite being obliged to under the General Data Protection Regulation (GDPR).

The report, titled ‘Catch-22: Digital transformation and its impact on cybersecurity’, is based on an in-depth survey of successful European businesses that was carried out by the European Business Awards on behalf of RSM International. It seeks to gain insights into businesses’ awareness of risks to cybersecurity, what they are doing to counter these risks, and how they react following a data breach.

One of the most disturbing findings is that breaches in 75% of the surveyed businesses were never made public knowledge, despite the GDPR clearly requiring them to be reported to the relevant data protection authority. What’s more, this lack of transparency seems to be largely conscious. The report states that 34% of businesses admitted not fully understanding when they should report a breach. This implies that the remaining 66% do understand their obligations, yet at least some of these must still be failing to report breaches.

Another notable finding concerns employees’ ongoing vulnerability to cyberattacks. According to the respondents, 44% of successful cyberattacks targeted employees through email. The report talks about how hackers succeed by using an understanding of human behaviour to know what will motivate someone into taking the desired action. Despite this growing risk, though, 22% of businesses said they still did not provide cybersecurity training to their staff.

Although a data breach does provoke many businesses to invest more in training and software in the long run, the report also suggests that many are not doing enough. For example, only 26% included cybersecurity in their new or updated crisis planning after a breach, while just 27% were triggered into identifying further vulnerabilities in their cybersecurity. The report highlights that following a data breach, most businesses remain in the same state as before.

Furthermore, although businesses rely more and more on third-party service providers, only 15% reported reviewing their third-party suppliers, despite the importance of assessing those suppliers’ processes, controls, and security.

RSM Germany’s Co-Head of Risk Advisory Services, Gregor Strobl, said about the report’s findings:

“Without question, human error is inevitable and poses the biggest security risk to businesses. When it comes to cybersecurity, it is costing European middle market businesses dearly… It is vitally important to ensure that staff know how to recognise and respond... It is troubling, but unsurprising, that so few cyberattacks are ever made public to the authorities or affected businesses. Transparency is key to raising awareness, catching criminals and minimising the damage but the rules need to be clearer and applied more consistently.”

GDPR has brought about the biggest shakeup to data protection in two decades, and greater penalties mean that compliance is essential. At Pro-Networks, however, we can help you to realise the benefits that GDPR compliance can bring through our managed IT support services. We can also help improve your cybersecurity by providing relevant training to your staff and equipping your organisation with suitable technologies.
